Add cost argument to has_secure_password

Created by: t27duck

Motivation / Background

There may be instances where a developer is working in an environment where a higher cost than the default (12) for BCrypt is required either due to arbitrary security requirements or the recommended minimum changes and the version of bcrypt used isn't updated.

Detail

This change adds a cost: argument to has_secure_password. If provided, it will use that value for the password cost. Its value is validated to make sure it's between BCrypt::Engine::MIN_COST and BCrypt::Engine::MAX_COST.

Additionally [password attribute]_cost is exposed as a convenience method to determine the cost used for the set password hash. This can be used to review the current costs from a user record and either transparently upgrade the user's password or force a password reset.

Additional information

I'm not 100% married to using cost as the argument name as it affects only new passwords created for the record going forward.

Checklist

Before submitting the PR make sure the following are checked:

• This Pull Request is related to one change. Changes that are unrelated should be opened in separate PRs.
• Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
• Tests are added or updated if you fix a bug or add a feature.
• CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.