Reports module has knowledge about internal data of salted passwords
Reports module changes from issue #30695 introduced a check for the saltedpasswords extension and a report about users, whose passwords are not protected by the saltedpasswords.The problem with that solution is that reports uses an internal knowledge from saltedpasswords extension: a password prefix. This is bad because:
- it is a "solution spread" across modules
- details on the password encodings should be known only to the saltedpasswords extension to ensure that new methods can be added and only that extension handles it
The fix is to remove the query from the Reports module but call a newly introduced method in the saltedpasswords to get that number of users.