OF-3257: Use constant-time comparison for channel binding data in SCRAM-SHA-1(-PLUS) SASL server
Previously, the comparison of the expected and received channel binding payloads in ScramSha1SaslServer used Arrays.equals, which is not guaranteed to operate in constant time. This could potentially leak information about the channel binding data through timing side-channels.
This change replaces Arrays.equals with MessageDigest.isEqual, ensuring that the comparison is performed in constant time. This strengthens the implementation against timing attacks, aligns with secure coding best practices, and provides defense-in-depth for sensitive authentication operations.
OF-3257/OF-3258: Improve one-time initialization of SERVER_SECRET_NONEXISTENT_USERS
The previous method for one-time initialization of the SERVER_SECRET_NONEXISTENT_USERS property (which depended on a static initializer block) proved to be fragile.
In this commit, initialization happens in a getter that should be used instead of directly accessing the property.
OF-3257: Avoid short-circuiting in SCRAM by introducing deterministic fake keys
When storedKey or serverKey are missing, generate deterministic fake values derived from a server-side secret and the username. This ensures that authentication follows the same execution path regardless of user existence, reducing susceptibility to timing attacks.
Includes unit tests to verify determinism and key separation.
