kcheckpass existed because historically we needed to be root to check passwords. This hasn't been true for tens of years. There are no security benefits, all authentication is based on the exit status of the greeter application.
This patch drops kcheckpass and brings everything in process, but in another thread.
This also reports back more fine grained PAM control at the same time (based on the work !29) forwarding all prompts and messages.
As using prompts involves an API change to the clients we check themes are up-to-date and fall back to breeze if needed as discussed on the mailing list. This will also allow us to clear up a lot of bad code in screenlocker during the 5.25 cycle.