refactor: unify get_{luks,zfs}_passphrase and get_root_password

Extract the prompt/confirm/min-length loop into prompt_password() in
lib/common.sh using a nameref for the output variable, so UI output
stays on the terminal (no command-substitution capture) and the three
callers collapse from ~30 lines each to a single helper call.

- get_luks_passphrase() — min 8 chars
- get_zfs_passphrase()  — min 8 chars
- get_root_password()   — no min (was unchecked before; preserved)

5 bats tests added: match+min-ok path, length-retry loop,
mismatch-retry loop, min_len=0 disables check, empty passphrase
when min_len=0. make test: 58/58.

1 files changed, 37 insertions, 0 deletions

diff --git a/installer/lib/common.sh b/installer/lib/common.sh
index 4acd7b9..dcaf071 100644
--- a/installer/lib/common.sh
+++ b/installer/lib/common.sh
@@ -57,6 +57,43 @@ require_command() {
 }
 
 #############################
+# Password / Passphrase Input
+#############################
+
+# Prompt for a secret, require confirmation, enforce min length, loop
+# until valid. Sets the named variable by nameref so UI output stays
+# on the terminal and the caller doesn't command-substitute.
+#
+# Usage: prompt_password VAR_NAME "label for prompts" MIN_LEN
+#   min_len of 0 disables the length check.
+prompt_password() {
+    local -n _out="$1"
+    local label="$2"
+    local min_len="${3:-0}"
+    local confirm
+
+    while true; do
+        prompt "Enter $label:"
+        read -rs _out
+        echo ""
+
+        prompt "Confirm $label:"
+        read -rs confirm
+        echo ""
+
+        if [[ "$_out" != "$confirm" ]]; then
+            warn "Passphrases do not match. Try again."
+            continue
+        fi
+        if [[ $min_len -gt 0 && ${#_out} -lt $min_len ]]; then
+            warn "Passphrase must be at least $min_len characters. Try again."
+            continue
+        fi
+        break
+    done
+}
+
+#############################
 # FZF Prompts
 #############################