Encrypt API password and token

Actually, I was just about to request this hashing myself (preferably a strong/secure hash). I imagine this is a real quickie feature request, best done by JoshK/Aaron/Bevan.

However, if not, I could have a different "credential encryption module" (that I had produced for the Ubercart Authorize.net CIM module) re-purposed into an add-on for this module. This add-on module would be called "Salesforce API Encryption" or something. Having a whole separate little module for this feature might be overkill-- but if you decide you want this help, I will have it done asap.

Patches welcome as well as integration with other modules providing this API

In this patch:

• Implementation of optional but recommended encryption for SF credentials using AES Encryption module.
• Security for credentials: fields on SF settings form are now password fields instead of textfield fields.
• Credentials are never displayed to the user through the UI.
• If the user leaves the credentials fields blank, existing credentials are not overwritten.
• Added a checkbox to erase existing credentials.
• Added runtime case to hook_requirements to throw a requirement error when encryption is not being used.
• Added runtime case to hook_requirements to throw a requirement warning when database encryption is used instead of file encryption.
• Added wrapper functions salesforce_api_encrypt, salesforce_api_decrypt, and salesforce_api_encryption_available to abstract AES dependency and make pluggable encryption easier in the future.
• Updated README with notes about encryption and security.

Notes:

• This will NOT enable encryption of existing credentials. If you install this patch, you'll have to also re-enter your credentials before they are encrypted.
• The variable storage location has not changed - credentials are still stored in the variable table. salesforce_api_connect properly decrypts the variables, but any module accessing the variables directly will need to implement decryption as well.

Updated patch to current dev (2010-Jun-09) code and README.txt styling. Works as described.

Fixed some trailing spaces and formatting.

Subscribing...maybe will test/re-roll in next few weeks.

The patch no longer applies cleanly to salesforce_api.admin.inc, so the variables aren't getting encrypted. I'll try to work on this soon.

In hook_requirements, line 175:

      elseif (!salesforce_api_encryption_available(array('check_config' => FALSE))) {
        $description = t('Encryption is unavailable. Using encryption is <strong>highly recommended</strong> in order to better secure your data.');
        $severity = REQUIREMENT_ERROR;
      }

If we are requiring encryption to use the Salesforce module, then the wording should change to "Using encryption is required" (rather than just highly recommended).

Personally, I would prefer to change the severity to REQUIREMENT_WARNING, because I don't think this should be a requirement for using the module.

@kostajh: Sounds good (in re: making it a warning).

Attached patch applies cleanly against 6.x-2.x-dev, and changes the severity level to a warning (instead of error) if encryption is unavailable.

I tested and it works great.

OK, this is in.
Thanks for contribs and testing.

related: another advantage of #990700: Support the new REST API would be that credentials wouldn't be stored on the server at all, only the REST auth token.