What is password spraying and why is it preferred over traditional brute force in Active Directory environments?