Comment 2 for bug 2037742

If looking up the default is sufficiently ugly I propose we just hardcode it to yescrypt and check in CI that `useradd ; passwd` or whatever actually uses the algorithm we expect. We won't be happy the day the CI check fails but at least we'll know promptly.