feat: add password module with native node:crypto scrypt

[himself65]

Closes: #3

Summary

Closes better-auth/better-auth#8456

• Adds a new ./password export with hashPassword and verifyPassword functions
• Default implementation uses @noble/hashes/scrypt (pure JS, compatible with browsers and Cloudflare Workers without node compat)
• node export condition uses node:crypto native scrypt (faster for Node.js and CF Workers with node compat enabled)
• Both implementations share the same hash format (${salt}:${hex(key)}) — fully compatible with each other and with existing stored hashes

Export resolution

// In Node.js / CF Workers with node compat → uses node:crypto
// In browsers / CF Workers without node compat → uses @noble/hashes
import { hashPassword, verifyPassword } from "@better-auth/utils/password";

Test plan

• hashPassword produces salt:hex format (32-char salt, 128-char key)
• verifyPassword returns true for correct password, false for wrong
• Throws on invalid hash format
• Each call produces a unique hash (random salt)
• Empty password handled correctly
• Very long password (1000 chars) handled correctly
• Unicode NFKC normalization (fi → fi)
• Tampered key/salt in hash returns false
• Special characters in password
• Cross-compatibility: noble-generated hash verifiable by node:crypto and vice versa