
Ability to change scorer constants in advance of Argon2i hashing becoming default

Open issue, opened by DeftNerd, 1 comment

PHP 7.2 has added the ability to use the Argon2i hashing method as an alternative to Bcrypt, with PHP 7.3 planning to use Argon2i as the default hashing method.

Currently, Zxcvbn scores password crack times by assuming that Bcrypt has been used.

There are some changes that would help Zxcvbn deal with this new generation of hashing.

The easiest change would be allowing optional SINGLE_GUESS and NUM_ATTACKERS overrides to the score function that get passed to calcCrackTime. If calcCrackTime sees the overrides, it'll use them instead of the SINGLE_GUESS and NUM_ATTACKERS constants.

The other option would be the ability to pass a hash method name to score, like score($entropy, 'bcrypt') or score($entropy, 'argon2i'), so it can pick the appropriate constants automatically.

DeftNerd, Feb 18 '18

As of the 4.0.1 release of the Dropbox (Javascript/Coffeescript) library, the scoring algorithm works differently, without the set of constants/assumptions embedded in the old algorithm. See https://github.com/dropbox/zxcvbn/blob/master/src/scoring.coffee for how it now operates, or https://github.com/mkopinsky/zxcvbn-php/blob/match-upstream/src/Scorer.php for a PHP port of the new algorithm.

@DeftNerd, does the new algorithm make sense to you in the new Argon2i world? I'll admit I don't 100% understand the algorithm, so I'm looking to people who can understand complexity analysis and security better than I for feedback before I open a PR with the newly ported implementation.

mkopinsky, Aug 01 '18
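To make the two designs discussed in this thread concrete, here is an added sketch (written for this page, not code from zxcvbn-php or dropbox/zxcvbn, and in JavaScript rather than PHP since the upstream it mirrors is JS). Part 1 is the old entropy-to-crack-time path with the overrides DeftNerd proposes: either explicit singleGuess/numAttackers values or a named hash profile, with unknown names rejected instead of silently falling back to the bcrypt assumption. Part 2 is the shape of the upstream 4.x approach mkopinsky points to: the score is a function of guesses only, and the hash assumption survives in exactly one place, the offline slow-hashing rate used for the displayed crack time. The default constants (10 ms per bcrypt guess, 100 attackers), the Argon2i profile numbers, and the score thresholds are all assumptions for illustration, not measurements; the scenario names and rates are as recalled from upstream's time_estimates and should be checked against the linked source.

```javascript
// Added illustration for this thread; not code from zxcvbn-php or dropbox/zxcvbn.
// Every numeric constant below is an assumption for illustration only.

// --- Part 1: old-style calcCrackTime with overridable constants -------------

// Assumed old defaults: ~10 ms per bcrypt guess on one machine, 100 machines.
const DEFAULT_SINGLE_GUESS = 0.010;
const DEFAULT_NUM_ATTACKERS = 100;

// Hypothetical named profiles. A memory-hard hash mostly limits how many
// instances fit on one GPU, so numAttackers is the knob that shrinks.
const HASH_PROFILES = {
  bcrypt:  { singleGuess: 0.010, numAttackers: 100 },
  argon2i: { singleGuess: 0.050, numAttackers: 20 }, // illustrative, not measured
};

// Accepts { hash: 'argon2i' } and/or { singleGuess, numAttackers }.
// Explicit numbers win over a named profile; an unknown name is an error
// rather than a silent fall-back to the bcrypt assumption.
function resolveProfile(opts = {}) {
  let base = { singleGuess: DEFAULT_SINGLE_GUESS, numAttackers: DEFAULT_NUM_ATTACKERS };
  if (opts.hash !== undefined) {
    if (!Object.prototype.hasOwnProperty.call(HASH_PROFILES, opts.hash)) {
      throw new Error(`unknown hash profile: ${opts.hash}`);
    }
    base = { ...HASH_PROFILES[opts.hash] };
  }
  if (opts.singleGuess !== undefined) base.singleGuess = opts.singleGuess;
  if (opts.numAttackers !== undefined) base.numAttackers = opts.numAttackers;
  if (!(base.singleGuess > 0) || !(base.numAttackers > 0)) {
    throw new Error('singleGuess and numAttackers must be positive numbers');
  }
  return base;
}

// Expected crack time in seconds: half the search space at the effective rate.
function calcCrackTime(entropyBits, opts = {}) {
  const { singleGuess, numAttackers } = resolveProfile(opts);
  const secondsPerGuess = singleGuess / numAttackers;
  return 0.5 * Math.pow(2, entropyBits) * secondsPerGuess;
}

// Old-style 0..4 score from crack time (thresholds as recalled from 1.x; assumption).
function crackTimeToScore(seconds) {
  if (seconds < 1e2) return 0;
  if (seconds < 1e4) return 1;
  if (seconds < 1e6) return 2;
  if (seconds < 1e8) return 3;
  return 4;
}

// The same entropy yields a different score once the hash profile changes,
// which is exactly why the constants need to be overridable in this design.
function oldStyleScore(entropyBits, opts = {}) {
  return crackTimeToScore(calcCrackTime(entropyBits, opts));
}

// --- Part 2: upstream-4.x-style separation of guesses from hash assumptions -

// Scenario rates as recalled from upstream time_estimates (verify against the
// linked source). Only the slow-hashing rate depends on the hash in use, so a
// deployment on Argon2 overrides just that one number. The scenario key names
// are kept as upstream spells them even when the rate is overridden.
function estimateAttackTimes(guesses, { offlineSlowHashingPerSecond = 1e4 } = {}) {
  const ratesPerSecond = {
    online_throttling_100_per_hour: 100 / 3600,
    online_no_throttling_10_per_second: 10,
    offline_slow_hashing_1e4_per_second: offlineSlowHashingPerSecond,
    offline_fast_hashing_1e10_per_second: 1e10,
  };
  const seconds = {};
  for (const [scenario, rate] of Object.entries(ratesPerSecond)) {
    seconds[scenario] = guesses / rate;
  }
  return seconds;
}

// Upstream-style score: a function of guesses alone, so switching bcrypt to
// Argon2 changes the displayed crack times but not the 0..4 score
// (thresholds as recalled from upstream; assumption).
function guessesToScore(guesses) {
  const DELTA = 5;
  if (guesses < 1e3 + DELTA) return 0;
  if (guesses < 1e6 + DELTA) return 1;
  if (guesses < 1e8 + DELTA) return 2;
  if (guesses < 1e10 + DELTA) return 3;
  return 4;
}
```

Running it on a 30-bit password: oldStyleScore(30) gives 2 under the bcrypt defaults but 3 under the hypothetical argon2i profile, while guessesToScore(2 ** 30) is 3 regardless of hash and only the offline_slow_hashing entry of estimateAttackTimes moves when the slow-hashing rate is overridden. That difference is the practical answer to the question in the thread: in the ported algorithm the hash choice is a display parameter, not a scoring input.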