Currently HudsonPrivateSecurityRealm is used in first install, but it is not FIPS-140 compliant as it uses encryption (`bcrypt` / `blowfish`) that is not an approved algorithm, nor comes from a validated provider.

It would be handy to be able to start Jenkins in a way that has the promise of being FIPS compliant