SEC-1905: Added footnote to password encoding for digest authentication

Technically digest authentication can allow for encoded passwords, but
it needs to be in the correct format. This update adds a footnote to clarify this.

Previously the documentation stated that passwords must be in clear text.
Rob Winch 13 years ago
parent
commit
bfd09f7603
1 changed file with 6 additions and 3 deletions
  1. 6 3
      docs/manual/src/docbook/basic-and-digest-auth.xml

+ 6 - 3
docs/manual/src/docbook/basic-and-digest-auth.xml

@@ -138,9 +138,12 @@
             <para>The configured <interfacename>UserDetailsService</interfacename> is needed because
                 <literal>DigestAuthenticationFilter</literal> must have direct access to the clear
                 text password of a user. Digest Authentication will NOT work if you are using
-                encoded passwords in your DAO. The DAO collaborator, along with the
-                <literal>UserCache</literal>, are typically shared directly with a
-                <classname>DaoAuthenticationProvider</classname>. The
+                encoded passwords in your DAO <footnote>It is possible to encode the password in the
+                format HEX( MD5(username:realm:password) ) provided the
+                <code>DigestAuthenticationFilter.passwordAlreadyEncoded</code> is set to <code>true</code>.
+                However, other password encodings will not work with digest authentication.</footnote>. The DAO
+                collaborator, along with the <literal>UserCache</literal>, are typically shared directly
+                with a <classname>DaoAuthenticationProvider</classname>. The
                 <literal>authenticationEntryPoint</literal> property must be
                 <classname>DigestAuthenticationEntryPoint</classname>, so that
                 <classname>DigestAuthenticationFilter</classname> can obtain the correct
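Review bot: The new footnote after "encoded passwords in your DAO" should state that the HEX( MD5(username:realm:password) ) value is password-equivalent for digest authentication in that realm. Anyone who can read it from the user store can compute valid digest responses without knowing the clear text password, so it needs the same protection as the password itself, and "encode" here should not be read as a one-way hash that is safe to expose. Since the format includes the username and realm, it is also worth saying that the stored value stops matching if either of them changes. Two smaller points: the unchanged sentence just before the footnote still says the filter "must have direct access to the clear text password" and that digest authentication "will NOT work" with encoded passwords, which the footnote now contradicts, so consider qualifying the body text rather than leaving the exception only in a footnote. And the footnote uses <code> where the rest of the paragraph uses <literal> and <classname>, and it sits after a space with the sentence period trailing it ("DAO <footnote>…</footnote>. The DAO"), which is likely to render a gap before the footnote mark; attach it directly to the preceding word or place it after the period.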