Require hashed passwords for rescue by default

We added this option, and advertised it's default would change several
years ago. This completes the migration.

Change-Id: I64f80fa2f971a223156cc5bf4231b59da0189885

ironic/conf/conductor.py

@@ -256,8 +256,7 @@ opts = [
                help=_('Password hash algorithm to be used for the rescue '
                       'password.')),
     cfg.BoolOpt('require_rescue_password_hashed',
-                # TODO(TheJulia): Change this to True in Victoria.
-                default=False,
+                default=True,
                 mutable=True,
                 help=_('Option to cause the conductor to not fallback to '
                        'an un-hashed version of the rescue password, '

releasenotes/notes/require-hashed-rescue-password-6f7c0424e12c1aeb.yaml

@@ -0,0 +1,5 @@
+upgrade:
+  - |
+    Ironic now requires rescue passwords to be hashed. Operators who would like
+    to continue using unhashed passwords must set
+    `[conductor]/require_rescue_password_hashed` to ``false``.