update qhelp with more details about the use of constant passwords

Author: karimhamdanali

swift/ql/src/queries/Security/CWE-259/ConstantPassword.qhelp

@@ -4,6 +4,7 @@
 <qhelp>
   <overview>
     <p>Deriving password-based encryption keys using hard-coded passwords is insecure, because the generated key may be easily discovered. Data hashed using constant salts are vulnerable to dictionary attacks, enabling attackers to recover the original input.</p>
+    <p>In particular, constant passwords would enable easier recovery of the key, even in the presence of a salt. If that salt is random enough, then key recovery is not as easy as just looking up a hardcoded credential in the source code.</p>
   </overview>
 
   <recommendation>