spring-security
UserDetailsManager should support password change with nulls
Describe the bug
Upgrading from 6.x to 7.0, the org.springframework.security.provisioning package has now been @NullMarked.
Both getPassword and setPassword in MutableUser have been marked as @Nullable, but changePassword in UserDetailsManager has not.
There are situations where you would want to change a password without having the old one (e.g. forgot password resets and admin changes), which naturally involved passing null as the oldPassword. However, any code that implemented this now generates analysis errors due to the implicit @NonNull.
Please add @Nullable to at least oldPassword, and possibly newPassword as well for consistency with MutableUserDetails.