ServletBearerExchangeFilterFunction should propagate Authentication

[jzheaux]

Related to #7353 (comment)

ServletBearerExchangeFilterFunction consults the SecurityContextHolder directly when looking up the current Authentication. This is because it was initially designed to only read from the main thread.

This is limiting, however, in situations where the Authentication may be needed off of the main thread. Consider the toy example below:

ServletBearerExchangeFilterFunction bearer = new ServletBearerExchangeFilterFunction();
WebClient webClient = WebClient.builder()
		.filter((request, next) -> Mono.deferWithContext(ctx -> next.exchange(request)))
		.filter(bearer)
		.build();

return webClient.get()
		.uri("https://endpoint.example.org")
		.retrieve()
		.bodyToMono(String.class)
		.timeout(Duration.ofMillis(10000))
                .retry(3, TimeoutException.class::isInstance)
		.block();

With this setup, the ServletBearerExchangeFilterFunction will not be executed on the main thread, meaning that SecurityContextHolder will not be available.

ServletBearerExchangeFilterFunction could be enhanced, though, by introducing a Hooks.onLastOperator that adds the Authentication to the reactor context so that more complex scenarios like the above work.