First things first - I love your work here and am a very happy user of PiHole
There is one thing I believe should be changed - the password should not be sent to developers, or even stored in the debug.log in the first place. There is no apparent legitimate reason for that.
I understand this is SHA256(SHA256()), which isn’t stupid md5 or so, but simply it’s not about the hash strength - as a good security practice, the passwords should not be stored in logs/hard-coded in binaries etc. The logs can be intercepted among upload to your server or any other server (if someone wishes to keep to the logs off site, for example), can be retrieved from backups or data recovery etc.
As such, I would like to request a minor change of removing the hash of the password from any logs.