Favor PathPatternParser Over HandlerMappingIntrospector

[jzheaux]

Closes #13562

Instead of needing a HandlerMappingIntrospector instance, applications can now do the following to simplify specifying the servlet path in the Java DSL:

import static org.springframework.security.web.util.matcher.ServletRequestMatcherBuilders.servletPath;

@Bean 
SecurityFilterChain webSecurity(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests((authorize) -> authorize
            .requestMatchers(servletPath("/graphql").anyRequest()).hasRole("GRAPHQL")
            .requestMatchers(servletPath("/mvc").pattern("/these/**", "/endpoints/**")).hasRole("USER")
            .requestMatchers(servletPath("/mvc").pattern("/admin/**")).hasRole("ADMIN")
        // ....

    return http.build();
}

To apply one across all DSL instances, do:

@Bean 
RequestMatcherBuilder mvcOnly() {
    return ServletRequestMatcherBuilders.servletPath("/mvc");
}

@Bean 
SecurityFilterChain webSecurity(HttpSecurity http) throws Exception {
    http
        .authorizeHttpRequests((authorize) -> authorize
            .requestMatchers(antPattern("/graphql/**")).hasRole("GRAPHQL")
            .requestMatchers("/these/**", "/endpoints/**").hasRole("USER")
            .requestMatchers("/admin/**").hasRole("ADMIN")
        // ....

    return http.build();
}

This second one is quite handy for when Spring MVC has a non-root servlet path. For example, there may be an option for Spring Boot to publish this bean since it knows when a servlet path has been specified in Boot properties

This PR also produces PathPatternRequestMatcher, which allows for specifying a PathPatternParser.

Questions:

• Can we favor PathPatternRequestMatcher in a minor release? MvcRequestMatcher post-processors added to the ObjectPostProcessor<Object> would not have an effect in that case, meaning that the change isn't passive.

[jzheaux]

Closed in favor of #16499