Avoid replacing secrets without zeroizing old memory

Before overwriting userpass.password, zeroize() the existing SecretBox contents (get a mutable reference and scrub) then replace. Avoid needless extra allocations.