Describe the bug
`BCrypt#gensalt`, when called without providing a `SecureRandom` instance, seems to generate one every single time.
https://github.com/spring-projects/spring-security/blob/be64c67af5b4ad732de1b731ece6ce4fe3286932/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java#L721
...and `gensalt` seems to be called without this argument if the default constructor for `BCryptPasswordEncoder` is called.
https://github.com/spring-projects/spring-security/blob/be64c67af5b4ad732de1b731ece6ce4fe3286932/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java#L105-L116
To Reproduce - N/A
Expected behavior - A persistent instance of `SecureRandom` is created if the user did not provide one. If the `gensalt` method without a provided instance is no longer required, it should then be considered deprecated API.
Sample - N/A
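As an added example (not code from this issue or from Spring Security), the workaround available today: hold one `SecureRandom` for the application's lifetime and pass it through the `BCryptPasswordEncoder(int, SecureRandom)` constructor, with a counting subclass to confirm that the supplied instance is the one `gensalt` actually draws the salt from. It assumes `spring-security-crypto` is on the classpath; the class and field names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.concurrent.atomic.AtomicInteger;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example, not part of the issue or of Spring Security.
public class SharedSecureRandomCheck {

    // A SecureRandom that counts how often it is asked for bytes, so we can
    // verify the encoder draws its salt from the instance we handed it.
    static final class CountingSecureRandom extends SecureRandom {
        final AtomicInteger nextBytesCalls = new AtomicInteger();

        @Override
        public synchronized void nextBytes(byte[] bytes) {
            nextBytesCalls.incrementAndGet();
            super.nextBytes(bytes);
        }
    }

    // Workaround for the behaviour reported above: one SecureRandom for the
    // whole application, supplied explicitly so gensalt never has to build
    // a fresh instance on every call.
    static final SecureRandom SHARED_RANDOM = new SecureRandom();
    static final BCryptPasswordEncoder ENCODER =
            new BCryptPasswordEncoder(10, SHARED_RANDOM);

    public static void main(String[] args) {
        CountingSecureRandom counting = new CountingSecureRandom();
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(10, counting);

        String hash1 = encoder.encode("correct horse battery staple");
        String hash2 = encoder.encode("correct horse battery staple");

        // gensalt calls random.nextBytes once per salt, so two encodes
        // should produce exactly two draws from our instance.
        if (counting.nextBytesCalls.get() != 2) {
            throw new AssertionError("expected 2 salt draws, got "
                    + counting.nextBytesCalls.get());
        }
        // Distinct salts: the same password must not yield the same hash.
        if (hash1.equals(hash2)) {
            throw new AssertionError("salts were not random");
        }
        // The shared-instance encoder still round-trips normally.
        String shared = ENCODER.encode("correct horse battery staple");
        System.out.println("supplied SecureRandom was used for both salts");
        System.out.println("shared encoder matches: "
                + ENCODER.matches("correct horse battery staple", shared));
    }
}
```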