Adds javadoc to warn possible use of basic authentication.

DEVSIX-6875

Author: glenn.volckaert

sign/src/main/java/com/itextpdf/signatures/TSAClientBouncyCastle.java

@@ -143,8 +143,9 @@ public TSAClientBouncyCastle(String url, String username, String password) {
      * the same imprint length).
      *
      * @param url             Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
-     * @param username        user(account) name
-     * @param password        password
+     * @param username        user(account) name, optional
+     * @param password        password, optional if used in combination with username, the credentials will be used in
+     *                        basic authentication. Use only in combination with a https url to ensure encryption
      * @param tokSzEstimate   estimated size of received time stamp token (DER encoded)
      * @param digestAlgorithm is a hash algorithm
      */