Drush 9: passwords should be scrambled by default when running `sql-sanitize`

[timcosgrove]

(Reposted from Drupal slack #drush:)

Minor drush sql-sanitize suggestion:
https://github.com/drush-ops/drush/blob/master/src/Drupal/Commands/sql/SanitizeUserTableCommands.php#L89

The default for password is the literal string "password". This means that, under default options for sql-sanitize, given a sanitized database, anyone with access can log in as any user. This feels like a security risk, as in theory users with access to lower lifecycle environments could log in as admin and gain knowledge of a production system's settings; or, could log in as other users, and gain knowledge of their correspondance, their own user settings, etc (which should maybe also be sanitized).

Would it make sense to create a randomized password by default? Then not only would the users' passwords be scrubbed, but their accounts would become inaccessible (at least without direct DB access, at which point all bets are off.)

I'll provide a PR. Putting this here for documentation's sake.

[weitzman]

I'm happy to change this behavior as suggested. PRs welcome.

[damienmckenna]

Should this be backported to Drush 8 (or older?) given how few installs of Drush 9 there are and will be?

[greg-1-anderson]

Backports to Drush 8 are still being accepted.

[CashWilliams]

Tried to reference this issue in #3341 but did it wrong I guess

[CashWilliams]

I think this can be closed.