add SRP user authentication method

Implement the SRP (Secure Remote Password) UAM for AFP,
as used by Apple Time Capsule.
The protocol uses SRP-6a with SHA-1,
MGF1 KDF, and RFC 5054 group #2 (1536-bit).

afppasswd is modified to operate on SRP storage file by default,
which stores per-user salts and verifiers,
while retaining the legacy RandNum functionality
activated with the -r flag.

An additional breaking change is that afppasswd -a now takes username
as argument rather than previous positional username arugment.

The containers now use SRP for authentication by default.

Author: rdmark

.github/workflows/spectest-macos.yml

@@ -95,9 +95,16 @@ jobs:
           # Initialize AFP password database for RandNum UAM
           CONFDIR="$(brew --prefix)/etc"
           sudo rm -f "$CONFDIR/afppasswd"
+          sudo afppasswd -c -r
+          sudo afppasswd -a $AFP_USER -f -n -r -w "$AFP_PASS"
+          sudo afppasswd -a $AFP_USER2 -f -n -r -w "$AFP_PASS"
+
+          # Initialize AFP password database for SRP UAM
+          CONFDIR="$(brew --prefix)/etc"
+          sudo rm -f "$CONFDIR/afppasswd.srp"
           sudo afppasswd -c
-          sudo afppasswd -a -f -n -w "$AFP_PASS" $AFP_USER
-          sudo afppasswd -a -f -n -w "$AFP_PASS" $AFP_USER2
+          sudo afppasswd -a $AFP_USER -f -n -w "$AFP_PASS"
+          sudo afppasswd -a $AFP_USER2 -f -n -w "$AFP_PASS"
 
       - name: Create PAM service file for netatalk
         run: |