Incorrect text in login dialog for online gaming

Bug #1765969 reported by Notabilis
Affects: widelands
Status: Won't Fix
Importance: Low
Assigned to: Unassigned

Bug Description

When entering the password to login into the online gaming lobby, this text is displayed:

 WARNING: Password will be shown and saved readable!

(In src/wui/login_box.cc line 42)

This is no longer quite correct: The password will be shown readable, but the password is no longer saved readable. However, it is not really stored securely and can also easily be used to log the user in on another system if stolen.

So ... basically I am not sure whether we should change the text since it is incorrect or leave it as it is since it isn't really stored securely and the warning isn't doing any harm. Any opinions?

Tags: network ui
GunChleoc (gunchleoc) wrote :

Since the store isn't secure, we should still have a warning there. Since it's not stored securely, I'm OK with it not being 100% accurate - it will make people err on the side of caution.

Do you have any ideas on how to make the passwords actually secure? If so, implementing UI support for replacing the password's characters with **** would be a good thing to aim for for Build 21.

tags: added: network ui
Notabilis (notabilis27) wrote :

Keeping the warning sounds reasonable.

Secure storage can be quite hard, depending on what kind of security we want.
If we only want to avoid that a human reads the password from the configuration file and uses it in some other context, that should be doable quite easily (replace the insecure SHA1 algorithm we are using with something better. Unfortunately I haven't been able to find a good/small/free library/function to do so yet).
If we want to make sure that the (value in the) configuration file can't be stolen and used on another system for logging into the lobby by using the game then ... I have no idea how to do so. Well, maybe there is an easy way to achieve it but none that I know of.

Adding a password-edit-box sounds good. I was already considering adding some placeholders in the password fields since it is currently empty when you open the dialog, even when the password is stored in the config. In the past the old password was shown in the field but now we only store the hash of the password and there is no sense in showing that. A side effect of the empty field: The dialog forces the user to enter the password again when logging in through it, even when the "automatic/fast" login would work by using the stored data.
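An added example, not Widelands code, of the first of the two goals discussed above (keeping a human who reads the config file from learning or replaying the password as-is). It is written in Python with the standard library's `hashlib` rather than the project's C++, since the comment asks for a small, dependency-free function; the iteration count, the `scheme$iterations$salt$hash` layout of the stored value, and the `needs_upgrade` helper that spots old bare-SHA1 entries are assumptions made for this example.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Assumptions for this example: the iteration count and the
# "scheme$iters$salt$hash" config value layout are choices made here,
# not anything Widelands defines.
PBKDF2_ITERATIONS = 200_000
SHA1_HEX_RE = re.compile(r"^[0-9a-f]{40}$")


def legacy_sha1_value(password: str) -> str:
    """The shape the discussion says the config file currently holds: an
    unsalted SHA1 of the password. The same password gives the same value
    for every user, and a stolen value can be replayed unchanged."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_config_value(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted, deliberately slow hash with PBKDF2-HMAC-SHA256 and
    pack it together with the parameters needed to verify it later."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored value
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_config_value(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count and compare in
    constant time; any malformed value simply fails verification."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    try:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
        expected = bytes.fromhex(parts[3])
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest, expected)


def needs_upgrade(stored: str) -> bool:
    """True for a value that looks like the old bare SHA1 hex, so the login
    dialog can ask for the password once and rewrite the entry."""
    return bool(SHA1_HEX_RE.match(stored))


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    print("legacy value:", legacy_sha1_value(pw))
    value = make_config_value(pw)
    print("new value   :", value)
    print("verify:", verify_config_value(pw, value),
          "wrong password:", verify_config_value("other", value))
```

This only addresses reading or offline cracking of the config file. A stolen `pbkdf2_sha256$...` value still logs the thief in if the client sends the stored value to the server unchanged, which is the second goal the comment leaves open.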

GunChleoc (gunchleoc) wrote :

The password edit box can be solved for Build 21. We need:

- Add password mode to editbox to show * instead of the actual letters typed
- Do not prefill the password in the editbox when it's shown
- Get the hash for the automatic relogin, just like now I guess

Regarding the stored hash, maybe the server could add something to change the hash on each successful login? This way, a stolen hash will only work until the original user tries to log in again. The original user will get a login failure because the hash has changed, and will reenter the password.

Changed in widelands:
milestone: none → build21-rc1
status: New → Confirmed
Notabilis (notabilis27) wrote :

Storing some dynamic password data on the server is an interesting idea, I haven't considered that approach yet. A disadvantage: Using Widelands on two computers no longer works without entering the password quite often. But this is a problem some other approaches share, too, so I guess we have to decide whether we want to support that.
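An added example, not Widelands or metaserver code, that models the per-login rotation GunChleoc proposed and the two-computer drawback noted in the comment above. It is a Python walk-through with a constructed in-memory server and two client installations; the server-side PBKDF2 parameters, the random token format and the class names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


class LobbyServer:
    """Constructed in-memory stand-in for the lobby server: one password
    verifier and one current 'fast login' token per user."""

    def __init__(self) -> None:
        self._verifiers: Dict[str, Tuple[bytes, bytes]] = {}
        self._tokens: Dict[str, str] = {}

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        # Salted PBKDF2 for the server's own record; iteration count is an assumption.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._verifiers[user] = (salt, self._derive(password, salt))

    def _rotate(self, user: str) -> str:
        # Every successful login replaces the token, so any older copy is dead.
        token = secrets.token_hex(32)
        self._tokens[user] = token
        return token

    def login_with_password(self, user: str, password: str) -> Optional[str]:
        entry = self._verifiers.get(user)
        if entry is None:
            return None
        salt, expected = entry
        if not hmac.compare_digest(self._derive(password, salt), expected):
            return None
        return self._rotate(user)

    def login_with_token(self, user: str, token: str) -> Optional[str]:
        current = self._tokens.get(user)
        if current is None or not hmac.compare_digest(current, token):
            return None
        return self._rotate(user)


class GameClient:
    """One Widelands installation; its config file holds only the latest token."""

    def __init__(self, server: LobbyServer, user: str) -> None:
        self.server = server
        self.user = user
        self.config_token: Optional[str] = None

    def password_login(self, password: str) -> bool:
        token = self.server.login_with_password(self.user, password)
        self.config_token = token
        return token is not None

    def fast_login(self) -> bool:
        """The 'automatic' login from stored data; on failure the stored value
        is dropped so the dialog asks for the password again."""
        if self.config_token is None:
            return False
        token = self.server.login_with_token(self.user, self.config_token)
        self.config_token = token  # None on failure, the rotated value on success
        return token is not None


def run_scenario() -> Dict[str, bool]:
    """Walk through the stolen-copy case and the two-computer case with
    constructed sample data."""
    server = LobbyServer()
    server.register("alice", "correct horse")

    pc1 = GameClient(server, "alice")
    first = pc1.password_login("correct horse")
    stolen_copy = pc1.config_token             # config file copied off pc1 here
    relogin = pc1.fast_login()                 # legitimate relogin rotates the token
    replay_ok = server.login_with_token("alice", stolen_copy) is not None

    pc2 = GameClient(server, "alice")          # same account on a second computer
    second_pc = pc2.password_login("correct horse")
    pc1_again = pc1.fast_login()               # fails: pc2's login rotated the token

    return {
        "first_login": first,
        "fast_relogin": relogin,
        "stolen_copy_still_works": replay_ok,
        "second_computer_login": second_pc,
        "first_computer_fast_login_after_that": pc1_again,
        "first_computer_must_reenter_password": pc1.config_token is None,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The scenario shows both halves of the trade-off: once the legitimate client has logged in again, the copied token is useless, but two installations sharing one account keep invalidating each other's stored token, so whichever one logs in second is back to typing the password.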

GunChleoc (gunchleoc) wrote :
Changed in widelands:
status: Confirmed → Won't Fix