SecuredAuthorizationManager should allow customizing underlying authorization manager

[jzheaux]

Dependent on #12232, exposing this authorization manager will allow applications to customize it. This can be handy in circumstances where, for example, authorization is externalized to service or database.

[evgeniycheban]

I can take this.

[remal]

@jzheaux, @evgeniycheban, how can this functionality be used?

My goal is to add RoleHierarchy to @Secured functionality. Unfortunately, I couldn't find a way to customize SecuredAuthorizationManager by any customizer or BeanPostProcessor.