This is really an issue between the user and the client... how does the user communicate the proper UTF-8 password to the client? It isn't strictly a protocol issue.  It is the client's job to somehow get the password UTF-8 bytes from the user, and to get those bytes correctly.

But the protocol can help out and ease the burden on clients if it specified NFKC normalization.  I'm of two minds on this.