Initialize memory in password hashing

The authentication code did not initialize one of the buffers used to
calculate the password hashes. This resulted in the use of uninitialized
memory when the user provided no password.
Markus Mäkelä 2018-11-28 00:15:57 +02:00
parent 631711f2bf
commit 24d1876ed4
No known key found for this signature in database
GPG Key ID: 72D48FCE664F7B19

@ -220,7 +220,7 @@ static bool check_password(const char *output, uint8_t *token, size_t token_len,
/** Next, extract the SHA1 of the real password by XOR'ing it with
* the output of the previous calculation */
uint8_t step2[SHA_DIGEST_LENGTH];
uint8_t step2[SHA_DIGEST_LENGTH] = {};
gw_str_xor(step2, token, step1, token_len);
/** The phase 2 scramble needs to be copied to the shared data structure as it
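Review bot: the call gw_str_xor(step2, token, step1, token_len) right after the new initializer still takes token_len with no bound visible in this hunk, while step2 is fixed at SHA_DIGEST_LENGTH bytes. Zero-filling step2 makes its contents deterministic when token_len is short, but in the no-password case from the commit message (token_len of 0) the code that follows would then appear to work on an all-zero digest instead of failing early, and a token_len larger than SHA_DIGEST_LENGTH would make the XOR write past step2. Consider rejecting token_len != SHA_DIGEST_LENGTH before this point, unless a check above the visible context already does so. Separately, if this file is built as C rather than C++, the empty initializer `= {}` is not standard before C23; `= {0}` is the portable form.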