This fixes bz#1108742 by providing a new global parameter
"--default-password", that will be the default for all other password
parameters if set. Each individual password parameter can override the
default global, and if none are set, a random password will be used as
before.
As part of the change, process_param_value() has been updated, to avoid
leaking passwords when they are modified by a processor function.
Change-Id: Ic5947567599c8b221b7a9e60acb4708429507741
512bdce979