Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 10.8.2.2
- None
- Normal
- Security
Description
I noticed that routines like AuthenticationServiceBase.encryptUsingDefaultAlgorithm() represent plaintext passwords as Strings. This is unsafe because Strings are easy to sniff even after they go out of scope. See the discussion on DERBY-866. We should rephrase passwords as char[] and zero them out as soon as possible.
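A before/after illustration of the change the report asks for, added here as an example and not Derby's own code: the String-based version beside a char[] version that never builds a String and wipes every intermediate buffer. The SHA-256 digest, the class and method names, and the sample value are assumptions, not Derby's actual algorithm or API.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/** Illustrative only; hypothetical names, not Derby code. */
public final class PasswordHashing {

    // Before: the password is an immutable String. Its chars sit in the heap
    // until the GC reclaims them; the caller has no way to clear them.
    static byte[] hashUnsafe(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // assumed algorithm
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // After: the password arrives as char[]. Encode through CharBuffer/ByteBuffer
    // so no String is created, hash the bytes, then zero the bytes, the encoder's
    // backing array and the caller's char[] in a finally block.
    static byte[] hashAndWipe(char[] password) throws NoSuchAlgorithmException {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] bytes = new byte[encoded.remaining()];
        encoded.get(bytes);
        try {
            return MessageDigest.getInstance("SHA-256").digest(bytes);
        } finally {
            Arrays.fill(bytes, (byte) 0);                          // our copy
            if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0); // encoder buffer
            Arrays.fill(password, '\0');                           // caller's array
        }
    }

    static boolean allZero(char[] a) {
        for (char c : a) if (c != '\0') return false;
        return true;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample. Real code would obtain the char[] from an API that
        // never materialises a String, e.g. System.console().readPassword().
        char[] pw = new char[] {'s', 'e', 'c', 'r', 'e', 't'};
        byte[] digest = hashAndWipe(pw);
        System.out.println("digest bytes: " + digest.length);   // 32 for SHA-256
        System.out.println("password wiped: " + allZero(pw));   // true
    }
}
```

Zeroing only helps while the password stays in char[] form; any API boundary that takes a String (java.sql.DriverManager.getConnection, for example) reintroduces an unclearable copy, so the char[] discipline has to hold along the whole call path.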