Hm, I'm not a fan of comparing the hash before/after CheckPassword. Can we
return a bool indicating whether the password hash has been upgraded? e.g.
func (u *User) CheckPassword(password string) (upgraded bool, err error)
BTW, we have User.SetPassword -- we can use that instead of repeating the