| author | DanConwayDev <DanConwayDev@protonmail.com> | 2023-09-01 00:00:00 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2023-09-01 00:00:00 +0000 |
| commit | 96660a90e4cd296a2922d7a547de4cd9d0b1928b (patch) | |
| tree | e5216e22ee1a3e1653d8d1ecd856f4f03615d6a1 /src/sub_commands/login.rs | |
| parent | 6423baebd92e45c9be85157c443dff42e65d8d14 (diff) | |
feat(login) password login using encrypted nsec
Enables the user to only handle the nsec upon first use of the tool
by encrypting it with a password and storing it on disk in an
application cache.
The approach to encryption draws heavily from that used by the gossip
nostr client.
- unencrypted nsec is zeroed from memory
- a salt is used to defend against rainbow tables
- computationally expensive key stretching defends against
brute-force attacks of passwords with low entropy.
There is a UX trade-off between decryption speed and key-stretching
computation. This UX challenge is exacerbated in a cli tool as
decryption must take place more regularly. Thought was put into the
selected n_log and a heavily reduced value is provided for long
passwords where security benefits are smaller.
A more granular reduction in computation was also considered but
rejected to avoid revealing just how weak a password is, as most
weak passwords are reused.
Diffstat (limited to 'src/sub_commands/login.rs')
| -rw-r--r-- | src/sub_commands/login.rs | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/sub_commands/login.rs b/src/sub_commands/login.rs index d61f578..5391024 100644 --- a/src/sub_commands/login.rs +++ b/src/sub_commands/login.rs | |||
| @@ -7,5 +7,6 @@ use crate::{login, Cli}; | |||
| 7 | pub struct SubCommandArgs; | 7 | pub struct SubCommandArgs; |
| 8 | 8 | ||
| 9 | pub fn launch(args: &Cli, _command_args: &SubCommandArgs) -> Result<()> { | 9 | pub fn launch(args: &Cli, _command_args: &SubCommandArgs) -> Result<()> { |
| 10 | login::launch(&args.nsec) | 10 | let _ = login::launch(&args.nsec, &args.password)?; |
| 11 | Ok(()) | ||
| 11 | } | 12 | } |
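Review bot: in `launch`, the password is read from the `Cli` struct (`&args.password`), so if that field is populated from a command-line option the password will land in shell history and be visible in the process list to other local users. Consider making an interactive prompt the normal path and documenting the option as intended for scripting or tests. Separately, `let _ = login::launch(...)?;` silently discards whatever `login::launch` now returns. If that value carries key material, add a short comment saying it is intentionally dropped here and confirm it is zeroed when dropped, in line with the commit message's statement that the unencrypted nsec is zeroed from memory.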