Clarify @WithSecurityContext thread scope

[wonderfulrosemari]

Closes gh-3721

Clarify that @WithMockUser, @WithUserDetails, and @WithSecurityContext
populate SecurityContextHolder for the test thread.

Document that this works for method-security tests and for MockMvc when using
testSecurityContext(), but does not automatically apply to full HTTP client
tests against a running server because those requests execute on different threads.

Also add guidance to authenticate end-to-end HTTP requests directly
(for example, HTTP Basic or Bearer token).

[jzheaux]

Thanks, @wonderfulrosemari! I've left some feedback inline.

[jzheaux]

Hi, @wonderfulrosemari, thanks again for your updates.

Unfortunately, I don't think this sufficiently addresses #3721 since the question in that issue is about JAX-RS, not REST-assured, and because JAX-RS tests can run in-memory, which is likely the use case that #3721 is about. That is, explaining what to do when tests and the server run on separate threads is not the use case that the OP was raising.

In addition to my inline feedback, will you please remove "Closes gh-3721" from the updated commit message?

[jzheaux]

@wonderfulrosemari thank you again for your responsiveness during this PR! I went ahead and applied my remaining review commits. Your PR is merged in 47bafbd38d3d74bd13733c595ffa8173e2ef8447 and my polish is e7416dfaba33968d95bcafd19d9ff553a88c9d59 on main.