
fix(Crypto): Prevent stdin password prompt when loading protected key (#4627) #5128

Merged
matejk merged 2 commits into main from fix/4627-evppkey-password-prompt
Dec 18, 2025

@matejk matejk commented Dec 18, 2025

Summary

Fixes #4627 - When loading a passphrase-protected private key with EVPPKey using an empty password, OpenSSL would prompt stdin for the password. This is unsuitable for library code.

Supersedes #4799 with a more complete fix that works on both macOS and Linux.

Root Cause

The original code set both the password callback (pCB) and password data (pPassword) to NULL when password was empty:

pem_password_cb* pCB = pass.empty() ? nullptr : &passCB;
void* pPassword = pass.empty() ? nullptr : pass.c_str();

On Linux, when the callback is NULL, OpenSSL ignores pPassword entirely and falls back to prompting stdin.

Fix

Always provide the callback, even when password is empty:

pem_password_cb* pCB = &passCB;
void* pPassword = const_cast<char*>(pass.c_str());

The passCB function already handles empty passwords correctly - it returns 0 when the password length is 0, which tells OpenSSL "no password provided" and causes a proper error instead of a stdin prompt.

Changes

  • EVPPKey.h: Always use password callback in both file-based and stream-based key loading
  • Added test testECEVPLoadKeyWrongPassword to verify empty/wrong password throws exception

@matejk matejk force-pushed the fix/4627-evppkey-password-prompt branch from 9213fae to 051cc84 December 18, 2025 13:23
@matejk matejk merged commit 5bbd542 into main Dec 18, 2025
86 checks passed
@matejk matejk deleted the fix/4627-evppkey-password-prompt branch December 18, 2025 16:25
Development

Successfully merging this pull request may close these issues.

Attempting to load a passphrase-protected key should not prompt cin