Use of minimized cryptographic library #8

@teythoon

Describe the bug
The extension uses forge.min.js, a verbatim copy from the pwdhash-poc project. This is effectively a blob, of unknown origin, impossible to audit in any meaningful way.

Expected behavior
The extension should not contain minified code. Preferably, it should use PBKDF2 from the WebCrypto API. Failing that, it should include the unminified source from, say, forge, limited to what is actually needed. This way, the extension can be properly audited.
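
What the WebCrypto route suggested in this issue could look like, as an added example that is not code from the extension or from pwdhash-poc. The helper names `pbkdf2Hex` and `knownAnswerOk`, the SHA-256 hash and the 32-byte output length are assumptions; the extension's real parameters would have to be taken from its source.

```javascript
// Added example: PBKDF2 through the platform's WebCrypto API, so no bundled
// (minified) crypto library needs to ship with the extension.
// In a browser or extension context globalThis.crypto.subtle is built in; the
// require() fallback exists only so this snippet also runs under older Node.js.
const subtle = (globalThis.crypto && globalThis.crypto.subtle) ||
  require("node:crypto").webcrypto.subtle;

// Hypothetical helper (name and defaults are assumptions, not the project's API).
async function pbkdf2Hex(password, salt, iterations, hash = "SHA-256", lengthBytes = 32) {
  if (!Number.isInteger(iterations) || iterations < 1) {
    throw new RangeError("iterations must be a positive integer");
  }
  const enc = new TextEncoder();
  // Import the password as non-extractable key material usable only for deriveBits.
  const keyMaterial = await subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveBits"]);
  const bits = await subtle.deriveBits(
    { name: "PBKDF2", hash, salt: enc.encode(salt), iterations },
    keyMaterial, lengthBytes * 8);
  // Hex-encode the derived bytes.
  return Array.from(new Uint8Array(bits), b => b.toString(16).padStart(2, "0")).join("");
}

// Known-answer check: when swapping one PBKDF2 implementation for another, the
// output must be byte-identical or every derived password changes.
// Vector: widely published PBKDF2-HMAC-SHA256 result for "password"/"salt", 4096 rounds.
const KAT = {
  password: "password",
  salt: "salt",
  iterations: 4096,
  expected: "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a",
};

async function knownAnswerOk() {
  const got = await pbkdf2Hex(KAT.password, KAT.salt, KAT.iterations);
  return got === KAT.expected;
}

knownAnswerOk().then(ok => console.log("PBKDF2 known-answer test:", ok ? "pass" : "FAIL"));
```

Running the same known-answer vector against the existing forge-based code path before removing it confirms that both implementations agree for the parameters the extension uses.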
