Centralize password check as method of 'User' objects

[DasSkelett]

Motivation

Checking passwords (and setting passwords) is something that must be rock-solid.
For this it makes sense to keep as much logic of it at a single place, so you don't have to rewrite it half a dozen times with the risk of introducing a nasty bug each time.

Also bcrypt 3.1.0 introduced a new bcrypt.checkpw(<input to check>, <hashed password>) function that is way more intuitive than the old bcrypt.hashpw(<input>, <hashed password>) == <hashed password>.
If you are wondering how the old one works, bcrypt.hashpw() reads the salt from the hashed password (bcrypt hashes save the salt in front of the actual pw hash) and hashes the clear text input using this salt. Then we compare the output with the actual hash.
The new method basically still does the same in the background, but we don't need to care about it anymore, it's much more readable.

Changes

Create a new User.check_password(<input>), which takes care of encoding the input strings with UTF-8 to give bcrypt the byte array it wants, and calling bcrypt.checkpw(). It returns True for a matching password and False for incorrect ones.
All places where we had the complicated bcrypt.hashpw() construct now simply call checkpw() on a User object.

If we ever need to change the hash function for passwords, this should simplify the process.

I've also added a basic test to make sure we aren't doing something majorly wrong in this method.

I've specified the minimum version of bcrypt we now need in the requirements-backend.txt.

Please review carefully to make sure I didn't accidentally drop a vital not or something in the password checks.

[HebaruSan]

Confirmed that logging in still works. 👍