limit sha512 rounds to similar runtime to sha256 limit

limit sha512 rounds to similar runtime to sha256 limit

these limits could definitely use review, but for now, i feel
consistency and erring on the side of preventing servers from getting
bogged down by excessively-slow user-provided settings (think
.htpasswd) are the best policy. blowfish should be updated to match.