Bullseye: configure PAM (unix) to use SHA512.

Bullseye uses yescrypt by default, but Tails Greeter only supports
sha512 for the persistent administration passwords feature. Switching
to yescrypt also creates a migration issue for those that have a
persistent sha512 password and upgrade to a Tails using yescrypt, so
if we want to do that further work is needed.