The logic here was wrong, but trying to handle SCRAM when we
could read the password, or there was native support. However,
the existing SCRAM code doesn't perform any fallback - instead
that's left to the AuthProviders themselves to implement.

So the new logic just assumes that an AuthProvider which can
provide that fallback will advertise it. If we later make this
support generic, it can go into the AuthFactory level.