fn normalize_password(password: &SecretString) -> SecretString
Normalize a password to Unicode NFC before it is hashed or verified.
Argon2 hashes raw bytes, so the same password typed on different platforms/forms can hash
differently when it contains composed characters (e.g. å/ä/ö): NFC ä (U+00E4) and
NFD ä (U+0061 U+0308) are different byte sequences. Applying NFC at both hash and verify
guarantees storage and checking agree. The normalized form is kept in a SecretString so it
is zeroized on drop like every other password value here.
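
The mismatch described above and the effect of normalizing on both sides, as an added Python example that is not this crate's code. Assumptions: standard-library PBKDF2 stands in for Argon2 (both hash only the raw bytes), the sample password and iteration count are constructed, and the `SecretString` zeroization is not modelled.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 100_000  # constructed parameter for the stand-in KDF


def normalize_password(password: str) -> str:
    """Return the NFC form, mirroring what the documented function does."""
    return unicodedata.normalize("NFC", password)


def _kdf(password: str, salt: bytes) -> bytes:
    # Like Argon2, PBKDF2 sees only the UTF-8 bytes, not the characters.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str, normalize: bool = True) -> tuple[bytes, bytes]:
    """Hash with a fresh salt; normalize=False reproduces the unnormalized case."""
    salt = os.urandom(16)
    pw = normalize_password(password) if normalize else password
    return salt, _kdf(pw, salt)


def verify_password(password: str, salt: bytes, expected: bytes,
                    normalize: bool = True) -> bool:
    pw = normalize_password(password) if normalize else password
    return hmac.compare_digest(_kdf(pw, salt), expected)


# Constructed sample: the same visible password in its two encodings.
NFC_PW = "l\u00e4senord"    # ä as U+00E4
NFD_PW = "la\u0308senord"   # ä as U+0061 U+0308


def demo() -> dict:
    """Register with the NFC form, then log in with the NFD form."""
    salt_raw, hash_raw = hash_password(NFC_PW, normalize=False)
    salt_nfc, hash_nfc = hash_password(NFC_PW)
    return {
        "bytes_differ": NFC_PW.encode() != NFD_PW.encode(),
        "raw_verify": verify_password(NFD_PW, salt_raw, hash_raw, normalize=False),
        "nfc_verify": verify_password(NFD_PW, salt_nfc, hash_nfc),
    }


if __name__ == "__main__":
    print(demo())
```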