refactor: Migrated bcrypt key derivation to argon2 and aead symmetric encryption

[bizk]

Description

Closes: #3129

• Replaced bcrypt key derivation for argon2id, this approach is secure and resolves most of bcrypt common issues. Algorithm implementation uses these parameters

const (
	argon2Time    = 1 // Recommended by library authors: Uses max memory available
	argon2Memory  = 64 * 1024 // Memory usage 
	argon2Threads = 4
	argon2KeyLen  = 32 // Key bytes
)

• Replaced xsalsa20 symmetric encryption with AEAD ChaCha20Poly
• Added backward compatibility for old keys.

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title
• added ! to the type prefix if API or client breaking change
• targeted the correct branch (see PR Targeting)
• provided a link to the relevant issue or specification
• followed the guidelines for building modules
• included the necessary unit and integration tests
• added a changelog entry to CHANGELOG.md
• included comments for documenting Go code
• updated the relevant documentation or specification
• reviewed "Files changed" and left comments if necessary
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed ! in the type prefix if API or client breaking change
• confirmed all author checklist items have been addressed
• reviewed state machine logic
• reviewed API design and naming
• reviewed documentation is accurate
• reviewed tests and test coverage
• manually tested (if applicable)

🔗 zboto Link

[IdaTucker]

Hmm, it seems like there are occasions where one could be trying to decrypt with a key generated the old way (with bcrypt), but with the 'new' (chachapoly) decryption algorithm, or vice versa (new key derivation algorithm but old symmetric decryption algorithm, which is in fact more of a problem since the salsa symmetric encryption algorithm is not an AEAD). I think the logic of DecryptPrivKey should be improved so that it is impossible that one attempts to decrypt using salsa decryption with a argon2id generated key.

[IdaTucker]

Looks good to me, maybe someone with a better understanding of Go can also review this.

[raynaudoe]

LGTM, only a few nits

[JulianToledano]

LGTM! 👍
only thing what Eze commented!