Ensure Passwords are wiped from memory when dropped #4

Open
simonsan opened this issue Nov 25, 2021 · 1 comment

@simonsan

I see you use only a String for the passwords, maybe it would be good to adopt something like abscissa_core::Secret here?

https://docs.rs/abscissa_core/0.5.2/abscissa_core/struct.Secret.html

@astonbitecode
Member

Indeed, I didn't have the chance to deal with this in the Editors (the same stands for the rust-keylock-ui). The thing is that we need to have a suitable solution for Java too, because when a password reaches the Editor in plaintext (in order to be revealed to the user), it is actually sent to the Java world (transformed to a Java String via j4rs) in order to reach the UI. So, we need to zeroize the Java world too...

There was a plan to use Java ByteBuffer for that, but I am not sure it will be enough; we need to create a String I guess in order to actually render the password characters to the screen. I am not aware of Android components that accept ByteBuffers.

FYI, rust-keylock-lib (the core) uses SecStr and Zeroize to protect and wipe sensitive data (passwords, keys, etc.), plus keeps everything encrypted in memory until needed (like in the case discussed above - reveal a password to the user).

So, in the Editor's "Rust World", Zeroize can be used. Do you have maybe any idea on how we could pin and wipe memory in Android?
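
As an added illustration of the wipe-on-drop behaviour this issue asks for (not code from rust-keylock or from either commenter): a std-only sketch of what crates such as Zeroize provide, using a hypothetical `WipedPassword` type. It only covers the Rust-side buffer it owns; copies made elsewhere, such as the Java String created via j4rs, are out of its reach.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical wrapper (not a rust-keylock type): owns a password and
/// overwrites its heap buffer before the allocation is released.
pub struct WipedPassword {
    buf: Vec<u8>,
}

impl WipedPassword {
    /// Takes over the String's allocation, so no second copy is made here.
    pub fn new(plain: String) -> Self {
        WipedPassword { buf: plain.into_bytes() }
    }

    /// Borrow the plaintext only for as long as it is needed.
    pub fn expose(&self) -> &str {
        std::str::from_utf8(&self.buf).expect("buffer came from a String")
    }

    /// Zero the whole allocation, spare capacity included. Volatile writes
    /// and a fence stop the compiler from eliding stores to memory that is
    /// about to be freed.
    pub fn wipe(&mut self) {
        let p = self.buf.as_mut_ptr();
        for i in 0..self.buf.capacity() {
            // SAFETY: p is valid for writes across the Vec's full capacity.
            unsafe { ptr::write_volatile(p.add(i), 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for WipedPassword {
    fn drop(&mut self) {
        self.wipe();
    }
}

/// Redacted Debug output so the secret cannot leak through logging.
impl fmt::Debug for WipedPassword {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("WipedPassword(***)")
    }
}

fn main() {
    let pw = WipedPassword::new(String::from("constructed-sample"));
    println!("{:?} holds {} bytes", pw, pw.expose().len());
} // pw is dropped here and its buffer is zeroed first
```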
