Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients
can optionally supply a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom
instance. The larger the strength parameter the more work will have to be done
(exponentially) to hash the passwords. The default value is 10.
Verify the encoded password obtained from storage matches the submitted raw
password after it too is encoded. Returns true if the passwords match, false if
they do not. The stored password itself is never decoded.