Description
This is a combination of #11661, #12091, #11656
We should add a new article in security/ explaining how to migrate/upgrade a password hash, so that the safest possible hash is always used. In order to support migrating passwords, two things are necessary:
- The key here is to use `encoder: auto`. It creates a `MigratingPasswordEncoder` ([Security] add MigratingPasswordEncoder #11661) with a list of encoders, from most to least secure. It loops over the list to find an encoder that can validate the user's password, and also checks whether a better encoder is available for this password hash.
- Then the UserProvider (or, when using Doctrine, the UserRepository) needs to implement `Symfony\Component\Security\Core\User\PasswordUpgraderInterface`. This interface has an `upgradePassword()` method that receives the new (more secure) hash and needs to store it in the database ([Security] add support for opportunistic password migrations #12091). It is only called if a better hash is generated.
The MakerBundle is updated to generate ready-to-use UserRepositories and security configuration by default.
When a custom encoder is created/used, it needs to implement a `needsRehash()` method. When this returns true, the credentials are rehashed using the encoder (and `PasswordUpgraderInterface::upgradePassword()` is called to store the new hash for the user) (#11656).
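As an added example (not code from this issue, the linked PRs or the MakerBundle), here is how the pieces above fit together in a Symfony 4.4 application: a Doctrine `UserRepository` implementing `PasswordUpgraderInterface`, and a custom encoder whose `needsRehash()` compares the cost parameters embedded in the stored hash against the ones currently configured. The interface names, method signatures and libsodium functions are real; the class names `App\Entity\User`, `App\Repository\UserRepository` and `App\Security\SodiumArgon2idEncoder`, and the `security.yaml` fragment in the leading comment, are assumptions made for the example.

```php
<?php
// Assumed config/packages/security.yaml for this example (not from the issue):
//
//     security:
//         encoders:
//             App\Entity\User:
//                 algorithm: auto                     # built-in, creates the MigratingPasswordEncoder
//                 # id: App\Security\SodiumArgon2idEncoder   # or: a custom encoder service (below)
//         providers:
//             app_user_provider:
//                 entity: { class: App\Entity\User, property: email }
//
// Doctrine's entity user provider forwards upgradePassword() to the entity's
// repository when that repository implements PasswordUpgraderInterface.

namespace App\Repository {

    use App\Entity\User;
    use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
    use Doctrine\Common\Persistence\ManagerRegistry;
    use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
    use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
    use Symfony\Component\Security\Core\User\UserInterface;

    class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface
    {
        public function __construct(ManagerRegistry $registry)
        {
            parent::__construct($registry, User::class);
        }

        // Called by the security system only after a successful login in which
        // the encoder validated the password AND reported that a better hash is
        // available. $newEncodedPassword is already hashed; never store the plaintext.
        public function upgradePassword(UserInterface $user, string $newEncodedPassword): void
        {
            if (!$user instanceof User) {
                throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
            }

            $user->setPassword($newEncodedPassword);
            $this->_em->persist($user);
            $this->_em->flush();
        }
    }
}

namespace App\Security {

    use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
    use Symfony\Component\Security\Core\Encoder\SelfSaltingEncoderInterface;
    use Symfony\Component\Security\Core\Exception\BadCredentialsException;

    // Custom encoder built on libsodium's Argon2id (PHP 7.2+ with ext-sodium).
    // Raising the configured cost parameters later makes needsRehash() return
    // true for old hashes, so they are migrated opportunistically on next login.
    final class SodiumArgon2idEncoder implements PasswordEncoderInterface, SelfSaltingEncoderInterface
    {
        private const MAX_PASSWORD_LENGTH = 4096; // same bound Symfony's built-in encoders use

        private $opsLimit;
        private $memLimit;

        public function __construct(
            int $opsLimit = SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
            int $memLimit = SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
        ) {
            $this->opsLimit = $opsLimit;
            $this->memLimit = $memLimit;
        }

        public function encodePassword($raw, $salt)
        {
            if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
                throw new BadCredentialsException('Invalid password.');
            }
            // $salt is ignored: libsodium generates one and embeds it in the hash string.
            return sodium_crypto_pwhash_str($raw, $this->opsLimit, $this->memLimit);
        }

        public function isPasswordValid($encoded, $raw, $salt)
        {
            if (\strlen($raw) > self::MAX_PASSWORD_LENGTH) {
                return false;
            }
            return sodium_crypto_pwhash_str_verify($encoded, $raw);
        }

        // true when the stored hash was produced with lower cost parameters than
        // the ones configured now; the security system then re-encodes the plaintext
        // it just verified and calls PasswordUpgraderInterface::upgradePassword().
        public function needsRehash(string $encoded): bool
        {
            return sodium_crypto_pwhash_str_needs_rehash($encoded, $this->opsLimit, $this->memLimit);
        }
    }
}
```

The upgrade only happens inside an authentication in which the plaintext was just verified, which is what makes the migration "opportunistic": nothing can rehash a stored value without the user's password, and users who never log in keep their old hash, so a separate policy (forced reset after some deadline) is still needed to retire legacy hashes completely.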