Allow to connect with arbitrary plugin

[sidorares]

WIP

Currently mysql2 driver always tries to connect with mysql_native_password plugin. For the servers supporting PLUGIN_AUTH and configured to use plugins other than mysql_native_password initial connection is usually followed by AUTH_SWITCH_REQUEST packet and additional handshake with another plugin. This PR will allow to use plugins other than mysql_native_password in the initial client hello response. The order of preference on the plugin used during connection is:

• if the server does not support plugin authorisation and secure auth server capability flag is set - mysql_native_password ( aka auth4.1 )
• if the server does not support plugin authorisation and secure auth server capability flag is not set- pre auth4.1 token
• plugin indicated by defaultAuthenticationPlugin config parameter name, if set ( error if the parameter is set but no standard or user provided plugin under this name )
• plugin returned in auth_plugin_name server hello packet field ( error if plugin not configured )
• "mysql_native_password" if no defaultAuthenticationPlugin or serverHello.auth_plugin_name

---

related issues:

• allow to use arbitrary plugin as first auth method #560

• Do not enable mysql_clear_password by default #1617

• fix dead link https://mysqlserverteam.com/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password/ to point to https://dev.mysql.com/blog-archive/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password/

• move standardAuthPlugins from auth_switch.js to connection. Make fields lazily loaded via getters. Also have a logic "given plugin name, return plugin instance" in the connection. Make sure it is possible to override standard plugins with custom ones

• remove authToken calculation from handshakeResponse. Calculate it in the client_handshake command and pass the token to handshake_response packet

• use plugin name from initial server hello packet to initialise plugin. Make it possible to override if defaultAuthenticationPlugin config option set ( mysql server uses default_authentication_plugin name in its config and sys variable - https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_default_authentication_plugin )
  Potentially allow defaultAuthenticationPlugin to be a function connection => Promise, but also maybe better to have connection => Promise instead to cover everything - see Add a function to update pool default configurations #1983 (comment)

• initialize _authPlugin in the client_handshake command ( also - make sure it is removed on auth / auth switch / change user success )

• refactor change_user packet to use code from handshake_response packet

• MAJOR VERSION: delete all references to authSwitchHandler and related code ( documentation/en/Authentication-Switch.md, auth_switch.js: warnLegacyAuthSwitch etc ) later

• tests for all 3 scenarios ( auth, auth switch, change user )

• tests for explicit default plugin name

[github-actions]

Coverage report

The coverage rate is 89.2977066514253%

The branch rate is 84.63687150837988%

100% of new lines are covered.

[123FLO321]

Any update on this MR?
Currently ProxySQL does not support Auth Switch, making it fail to connect when not using mysql_native_password.
The possibility to specify the inital auth method, added in this mr, should solve this.

[sidorares]

@wellwelwel I'm going to resurrect work on this, hope to make some progress in the coming days.
Main benefit is that it can dramatically improve performance of short lived connections as there is no need to re-negotiate caching_sha2_password method.

Since mysql v8 and above is widely adopted now, what happens for the majority of clients is this:

S: hey, I'm mysql v9.2. I support authentication plugins, prefer connection using caching_sha2_password. Here is my random data to start handshake
C: Hello, I'm going to connect using 'mysql_native_password'!
S: No, please use caching_sha2_password. Here is my random data again to start handshake
C: Ok then ( continues caching_sha2_password sequence )

At least 1 full roundtrip can be easily avoided