Group Replication provides a distributed recovery process to
synchronize new member with the group, WL#6837.
This process is triggered on the new member, joiner, by establishing
a asynchronous replication connection to one online member of the
group and fetching all missing data until the point that the joiner
joined the group.

This asynchronous replication connection needs to be allowed to be
established using credentials, more precisely a username - password
tuple.
Currently these credentials are stored on MySQL server configuration
file and/or set by SET GLOBAL VARIABLE command, which causes a
issue:
persistence: the password is stored in plain text on a configuration
file.

To fix this persistence issue, this bug will will implement the
following changes:

1. The user will always need to create the recovery channel using the
CHANGE MASTER command. The plugin will not set any default value for the
user and password field in CHANGE MASTER.
2. Restrict the addition of only MASTER_USER and MASTER_PASSWORD for
the recovery channel on the server side. All other settings for the
change master are added on the plugin side, as it is done today.