test[faustwp]: clarify 'bad patterns' comment in hash_equals source guard

Per Copilot review: the comment said 'three bad patterns' but only two
assertStringNotContainsString calls follow. The original #2312 fix
replaced ===/!== at three call sites (rest_authorize_permission_callback,
wpac_authorize_permission_callback, filter_introspection), but the two
REST sites share the literal '=== $header_key' shape, so a single
substring check covers both. Reword to match what's actually asserted.

Author: josephfusco

plugins/faustwp/tests/integration/RestCallbacksTests.php

@@ -150,7 +150,10 @@ public function test_secret_comparisons_use_constant_time_hash_equals(): void {
 		$this->assertNotFalse( $rest_callbacks, 'Failed to read includes/rest/callbacks.php for regression guard.' );
 		$this->assertNotFalse( $graphql_callbacks, 'Failed to read includes/graphql/callbacks.php for regression guard.' );
 
-		// The three bad patterns this PR replaces:
+		// The bad comparison shapes this PR replaces (two distinct patterns, three
+		// call sites: '=== $header_key' covers both rest_authorize_permission_callback
+		// and wpac_authorize_permission_callback; '!== $_SERVER[...]' covers
+		// filter_introspection):
 		$this->assertStringNotContainsString( '=== $header_key', $rest_callbacks,
 			'rest_authorize_permission_callback must use hash_equals(), not ===.' );
 		$this->assertStringNotContainsString( "!== \$_SERVER['HTTP_X_FAUST_SECRET']", $graphql_callbacks,