We should add an AuthorizationManager which is an imperative version of ReactiveAuthorizationManager. The class should look something like:
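```java
import java.util.function.Supplier;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.core.Authentication;

public interface AuthorizationManager<T> {
    AuthorizationDecision check(Supplier<Authentication> authentication, T object);

    default void verify(Supplier<Authentication> authentication, T object) {
        AuthorizationDecision decision = check(authentication, object);
        if (!decision.isGranted()) {
            throw new AccessDeniedException("Access Denied");
        }
    }
}
```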
This uses something that allows delaying the lookup of the Authentication, like Supplier<Authentication>, instead of an Authentication directly.
We should also add support for AuthorizationManager in HttpSecurity.authorizeRequests().
Finally, the existing classes that use AccessDecisionManager should migrate to AuthorizationManager, and AccessDecisionManager should be marked as deprecated.
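An added example, not part of the original issue or of the project's code, showing what the `Supplier<Authentication>` parameter buys: a manager that does not need the caller's identity never triggers the lookup. It assumes spring-security-core on the classpath; the `check` method is redeclared locally as proposed above, and `PERMIT_ALL`, `hasAuthority` and the sample user are hypothetical names constructed for the illustration.

```java
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.core.Authentication;

public class LazyAuthenticationExample {

    // The proposed interface, reduced to check() and declared locally for this example.
    interface AuthorizationManager<T> {
        AuthorizationDecision check(Supplier<Authentication> authentication, T object);
    }

    // Hypothetical manager: public resources are granted without resolving the Supplier.
    static final AuthorizationManager<String> PERMIT_ALL =
            (authentication, path) -> new AuthorizationDecision(true);

    // Hypothetical manager: resolves the Authentication only because the decision needs it.
    static AuthorizationManager<String> hasAuthority(String authority) {
        return (authentication, path) -> {
            Authentication auth = authentication.get();
            boolean granted = auth != null && auth.isAuthenticated()
                    && auth.getAuthorities().stream()
                            .anyMatch(a -> authority.equals(a.getAuthority()));
            return new AuthorizationDecision(granted);
        };
    }

    public static void main(String[] args) {
        AtomicInteger lookups = new AtomicInteger();
        // Constructed sample user; the counter stands in for a costly lookup such as loading a session.
        Supplier<Authentication> authentication = () -> {
            lookups.incrementAndGet();
            return new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");
        };

        System.out.println(PERMIT_ALL.check(authentication, "/css/site.css").isGranted());
        System.out.println("lookups after public request: " + lookups.get());
        System.out.println(hasAuthority("ROLE_ADMIN").check(authentication, "/admin").isGranted());
        System.out.println("lookups after admin request: " + lookups.get());
    }
}
```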