Record HTTP client metrics when spring-security requests OAuth2 resources from an authorization server

[simondemartini]

When including the spring-boot-starter-oauth2-resource-server, it would be nice if external requests made by Spring Security were included in the default Micrometer http client metrics. Including these would give visibility and better insight into the performance of the authorization servers.

In many cases it might not be too hard to add. For example, the default JwtDecoder in the OAuth2ResourceServerJwtConfiguration is built by NimbusJwtDecoder which uses it's own RestTemplate instance behind the scenes. It looks like the JwkSetUriJwtDecoderBuilder we use for this already has an option to provide a custom RestOperations. We could use this to set the default RestTemplateBuilder instance to get those metrics with minimal effort.

[wilkinsona]

#20750 is related to this.