Show password hashes on User List API

[josegomezr]

Is your feature request related to a problem? Please describe.

We're running authentik in conjunction with another subordinated identification system that wants to validate user password on their side.

However the password is not shown in the API endpoint /core/users/ response.

Describe the solution you'd like
A switch like include_groups that will signal authentik to return the password hashes stored in the DB out of the API. Probably also a designated permission so the passwords are only exposed to a user with the specific permission.

Describe alternatives you've considered
We have an implementation in #15572 *

Besides implementing it ourselves we were (ab-)using LDAP as a "bus" for transmitting password information across systems, due to our design we want to avoid (ab-)using LDAP for this purpose.

Additional context

Firefox screenshot of the API Response:

[fheisler]

@josegomezr, glad to hear SUSE is getting good use of authentik! This isn't something we want to add to the open source code, for the sake of security best practices. If your team would like to continue our conversations on the enterprise side, we would be happy to explore how best to support your integration needs.