Summary of Changes

PHP 7.2 introduces support for a new native password hashing algorithm based on Argon2 (see https://wiki.php.net/rfc/argon2_password_hash for the relevant RFC). Since the native password API now supports multiple algorithms, the use of PASSWORD_DEFAULT is a little more flaky since conceivably one day PHP core could change this to point to a different hash. Therefore, this PR does a few things.

1. Changes PASSWORD_DEFAULT uses to the explicit PASSWORD_BCRYPT constant instead
2. Makes the check for the hash prefix for bcrypt hashed passwords in Joomla\CMS\User\UserHelper::verifyPassword() a little more strict
3. Adds logic into Joomla\CMS\User\UserHelper::verifyPassword() to detect Argon2 passwords and attempt to validate them (officially, we aren't going to advertise this as a supported password hash and no part of the core API will support generating Argon2 hashes, BUT, if someone running PHP 7.2 chooses to compile it with support for the hash and implement some handling to put Argon2 hashes in their database, we can validate it since the native PHP API will handle it)

Testing Instructions

Generating password hashes still results in a valid bcrypt hash, users can still authenticate correctly.