Address code review feedback - improve test security practices

Co-authored-by: devondragon <1254537+devondragon@users.noreply.github.com>

Author: Copilot

src/test/java/com/digitalsanctuary/spring/user/dto/PasswordDtoCharArrayTest.java

@@ -17,8 +17,13 @@ void userDto_getPasswordChars_returnsCharArray() {
         dto.setPassword("TestP@ssw0rd");
 
         char[] passwordChars = dto.getPasswordChars();
-        assertNotNull(passwordChars);
-        assertArrayEquals("TestP@ssw0rd".toCharArray(), passwordChars);
+        char[] expected = "TestP@ssw0rd".toCharArray();
+        try {
+            assertNotNull(passwordChars);
+            assertArrayEquals(expected, passwordChars);
+        } finally {
+            PasswordSecurityUtil.clearPassword(expected);
+        }
     }
 
     @Test
@@ -73,8 +78,13 @@ void passwordDto_getOldPasswordChars_returnsCharArray() {
         dto.setOldPassword("OldP@ssw0rd");
 
         char[] passwordChars = dto.getOldPasswordChars();
-        assertNotNull(passwordChars);
-        assertArrayEquals("OldP@ssw0rd".toCharArray(), passwordChars);
+        char[] expected = "OldP@ssw0rd".toCharArray();
+        try {
+            assertNotNull(passwordChars);
+            assertArrayEquals(expected, passwordChars);
+        } finally {
+            PasswordSecurityUtil.clearPassword(expected);
+        }
     }
 
     @Test
@@ -136,8 +146,13 @@ void savePasswordDto_getNewPasswordChars_returnsCharArray() {
         dto.setNewPassword("NewP@ssw0rd");
 
         char[] passwordChars = dto.getNewPasswordChars();
-        assertNotNull(passwordChars);
-        assertArrayEquals("NewP@ssw0rd".toCharArray(), passwordChars);
+        char[] expected = "NewP@ssw0rd".toCharArray();
+        try {
+            assertNotNull(passwordChars);
+            assertArrayEquals(expected, passwordChars);
+        } finally {
+            PasswordSecurityUtil.clearPassword(expected);
+        }
     }
 
     @Test