Address code review feedback: improve credential validation

- Add proper empty string validation using trim()
- Add warning when falling back to default password
- Improve security by alerting administrators when secure configuration is missing

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>

Author: Copilot

src/main/java/org/owasp/benchmark/helpers/LDAPManager.java

@@ -62,9 +62,16 @@ protected Hashtable<Object, Object> createEnv() {
 
         // Retrieve credentials from environment variable instead of hardcoding
         String ldapPassword = System.getenv("LDAP_ADMIN_PASSWORD");
-        if (ldapPassword == null || ldapPassword.isEmpty()) {
+        if (ldapPassword == null || ldapPassword.trim().isEmpty()) {
             // Fallback to system property for backward compatibility
-            ldapPassword = System.getProperty("ldap.admin.password", "secret");
+            ldapPassword = System.getProperty("ldap.admin.password");
+            if (ldapPassword == null || ldapPassword.trim().isEmpty()) {
+                // Last resort fallback for test environments only
+                System.err.println(
+                        "WARNING: Using default LDAP password. "
+                                + "Set LDAP_ADMIN_PASSWORD environment variable or ldap.admin.password system property for secure configuration.");
+                ldapPassword = "secret";
+            }
         }
         env.put(Context.SECURITY_CREDENTIALS, ldapPassword);