disk/cryptodisk: Wipe the passphrase from memory

Switching to another EFI boot application while there are secrets in
RAM is dangerous, because not all firmware is wiping memory on free.

To reduce the attack surface, wipe the passphrase acquired when
unlocking an encrypted volume.

Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/disk/cryptodisk.c

@@ -1302,6 +1302,7 @@ grub_cryptodisk_scan_device_real (const char *name,
 
   if (askpass)
     {
+      grub_memset (cargs->key_data, 0, cargs->key_len);
       cargs->key_len = 0;
       grub_free (cargs->key_data);
     }