I'm seeing this on a Forge-provisioned server as well.
The issue seems to be that the forge MySQL user is using the mysql_native_password plugin. To determine this, run the query:
select user, host, plugin from mysql.user;
On my server, the result is:
mysql> select user, host, plugin from mysql.user;
+------------------+----------------+-----------------------+
| user | host | plugin |
+------------------+----------------+-----------------------+
| forge | % | mysql_native_password |
| root | % | caching_sha2_password |
| forge | xxx.xxx.xxx.xxx | mysql_native_password |
| root | xxx.xxx.xxx.xxx | caching_sha2_password |
| debian-sys-maint | localhost | caching_sha2_password |
| mysql.infoschema | localhost | caching_sha2_password |
| mysql.session | localhost | caching_sha2_password |
| mysql.sys | localhost | caching_sha2_password |
| root | localhost | auth_socket |
+------------------+----------------+-----------------------+
9 rows in set (0.00 sec)
I think the rationale behind this is that until PHP 7.2, caching_sha2_password wasn't supported by PHP.
On servers where we don't need to support < 7.2 however, it seems that the forge user should be using the caching_sha2_password plugin.