chore: update changelog and modify configuration for blank password #59

Open
wants to merge 1 commit into
base: main

AdakHaddad

While running the server locally, I encountered an error because my MySQL setup doesn’t use a password. The current logic treated the absence of a password as a misconfiguration, which caused the server to exit.

I made the password field optional in the database configuration. This doesn't affect production security practices — it's simply to support setups (like local development) where a blank password is common and acceptable.

Security remains a priority, but I wanted to make the app a bit more flexible for different environments. Happy to adjust further if needed.

@designcomputer
Owner

@AdakHaddad Thank you for your contribution! @zhangzhw8 also made this suggestion in an earlier pull request. While the addition of support for empty passwords in local MySQL testing could be convenient, it raises some concerns:

- Security Risks: Allowing empty passwords, even in a testing environment, could lead to accidental configurations being deployed in production, which poses a significant security vulnerability.
- Best Practices: This change might encourage practices that deviate from secure coding standards, potentially impacting the reliability of the system.
- Safeguards: It is unclear from the current implementation whether there are adequate safeguards to prevent this feature from being used outside of a testing context.

We are currently reviewing the potential risks versus the benefits of this change.
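
The reply above asks whether safeguards keep a blank password out of non-test environments. As an added example that is not part of this pull request or the project's code, the Python sketch below accepts an empty password only when an explicit opt-in flag is set and the host is loopback; the `DB_*` variable names and `DB_ALLOW_EMPTY_PASSWORD` are assumptions made for illustration.

```python
import ipaddress
import os

# Hypothetical setting names for this sketch; the page does not list the project's own.
ALLOW_EMPTY_FLAG = "DB_ALLOW_EMPTY_PASSWORD"

class ConfigError(ValueError):
    """Raised when the database settings are unsafe or incomplete."""

def is_loopback(host: str) -> bool:
    """True only for 'localhost' or a literal loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote

def load_db_config(env=os.environ) -> dict:
    """Build connection settings; a blank password needs opt-in AND a loopback host."""
    host = env.get("DB_HOST", "localhost")
    user = env.get("DB_USER")
    database = env.get("DB_NAME")
    password = env.get("DB_PASSWORD", "")
    if not user or not database:
        raise ConfigError("DB_USER and DB_NAME are required")
    if password == "":
        # Fail closed: a missing password alone never enables passwordless mode.
        if env.get(ALLOW_EMPTY_FLAG) != "1":
            raise ConfigError(f"DB_PASSWORD is empty; set {ALLOW_EMPTY_FLAG}=1 for local use")
        if not is_loopback(host):
            raise ConfigError(f"empty password refused for non-loopback host {host!r}")
    return {"host": host, "user": user, "password": password, "database": database}

def verdict(env) -> str:
    """Return 'accepted' or 'refused: <reason>' for a given environment mapping."""
    try:
        load_db_config(env)
        return "accepted"
    except ConfigError as exc:
        return f"refused: {exc}"

if __name__ == "__main__":
    # Constructed sample environments, not taken from the project.
    base = {"DB_USER": "dev", "DB_NAME": "app"}
    remote = {ALLOW_EMPTY_FLAG: "1", "DB_HOST": "db.internal.example"}
    for extra in ({}, {ALLOW_EMPTY_FLAG: "1"}, remote):
        print(extra, "->", verdict({**base, **extra}))
```

With this shape, an opt-in flag copied into a deployment that points at a remote database still fails at startup instead of connecting without a password.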
