Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients can optionally supply a
"strength" (a.k.a. log rounds in BCrypt) and a SecureRandom instance. The larger the strength parameter the more work
will have to be done (exponentially) to hash the passwords. The default value is 10.
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.
Returns true if the passwords match, false if they do not.
The stored password itself is never decoded.