The avalanche proof editor and delegation editor keep a copy of the wallet password so that the user is not prompted too often for the password (when signing proofs & delegations, signing coins...)
This diff changes the data structure used to cache the password to a mutable type and overwrites the password with 0s when the widget is no longer referenced, to avoid exposing the password to malware. In practice, this happens when the application is closed.
The scope of this diff is limited to the password cached by the various widgets inheriting CachedWalletPasswordWidget. It does not fix all the other places in the codebase that store the wallet password or a private key in a local var (all direct or indirect callsites for keystore.get_private_key, all main_window methods that use the @protected decorator, all the callsites that directly use PasswordDialog...)