Feat/440/add sandbox mode

[scottnemes]

Description

This PR adds the ability for mycli to go into "sandbox mode" when a user with an expired passwords is used to connect. Prior to this change, when a user with an expired password connects it will simply tell them the password is expired. With this change, the user goes into a restricted "sandbox" mode, which only allows the user to change their password, or quit. Once the password is changed, the client will then automatically reconnect using the updated password and go into the normal "full" mode and allow normal operation.

The behavior may be controlled by either the connect_expired_password config option (True by default), or the --connect-expired-password flag.

Expire user's password:

alter user 'noob'@'localhost' password expire;

Existing behavior when logging in with the expired password user:

uv run mycli -u noob -p
Enter password for noob:
(1862, 'Your password has expired. To log in you must change it using a client that supports expired passwords.')

New behavior when logging in with the expired password user:

uv run mycli -u noob -p
Enter password for noob:
Your password has expired. Use ALTER USER to set a new password, or quit.
mycli 1.44.3.dev684+ga5308b2c0.d20260408
Home: https://mycli.net
Bug tracker: https://github.com/dbcli/mycli/issues
Thanks to the contributor — Scrappy Soft
MySQL noob@127.0.0.1:(none)>

Trying to run a command:

MySQL noob@127.0.0.1:(none)> use dev;
ERROR 1820: You must reset your password using ALTER USER or SET PASSWORD before executing this statement.
MySQL noob@127.0.0.1:(none)>

Change password:

MySQL noob@127.0.0.1:(none)> alter user 'noob'@'localhost' identified by 'yolo';
You're about to run a destructive command.
Do you want to proceed? (y/n): y
Your call!
Query OK, 0 rows affected
Time: 0.009s
Password changed successfully. Reconnected.
MySQL noob@127.0.0.1:(none)> use dev;
You are now connected to database "dev" as user "noob"
Time: 0.001s
MySQL noob@127.0.0.1:dev> select * from t2;
+----+-----+
| id | def |
+----+-----+
|  1 | d   |
|  2 | e   |
|  3 | f   |
+----+-----+

3 rows in set
Time: 0.005s
MySQL noob@127.0.0.1:dev>

Note it then reconnects using the updated password and you are free to continue on as normal.

Resolves #440

Checklist

• I added this contribution to the changelog.md file.
• I added my name to the AUTHORS file (or it's already there).
• To lint and format the code, I ran

  uv run ruff check && uv run ruff format && uv run mypy --install-types .

[scottnemes]

@rolandwalker This is a pretty big one, so feel free to suggest any changes you might want for the general flow or messaging or whatever. Tried to keep it as minimal as possible to get the functionality, but it touches a lot of areas since a normal login has a lot going on behind the scenes as you know.