ReactiveAuthorizationManager + Reactive Method Security

[jzheaux]

We should provide an implementation of Reactive Method Security that leverages ReactiveAuthorizationManager similar to gh-9289 The implementation should support:

• Support Mono<Boolean> for Method Security SpEL expressions #4841 It should support SpEL expressions that return both Boolean and Mono<Boolean>
• It should support Mono<Authentication>
• It should support reactive and non reactive arguments. Reactive types should not be subscribed to unless they are used.
• It should support not resolving the Mono<Authentication> if it was not used (i.e. if permitAll was used there is no need to resolve the Authentication)
• Simplify Custom Method Authorization #5664

For full support this may require updates to SpEL support to support Reactor (i.e. it likely needs to support lambdas) but beans can easily return reactive types that would be supported by SpEL.

Related to #9289, #5249, and #4841

Once #9289 is addressed, we could consider applying the same model to reactive method security.

[evgeniycheban]

@jzheaux I can take this.

[jzheaux]

Great, @evgeniycheban! It's yours. I'd recommend waiting until #9630 is merged before proceeding.

[rwinch]

@evgeniycheban Thanks for volunteering to work on this issue. I've updated the description to include more detailed requirements. I think you can start on this issue before we merge the mentioned PR, but base it off the branch with gh-9630