Merge branch 'highlander' into 'master'

Correctly support fallback to local-users in the absence of SAML2 attributes when both local-users and preauth are active

The theme for this pull request:

![highlander](/uploads/f5de15a7b74cf0ba100c8326410f2eb2/highlander.jpg)

This refactor was needed as the prior code did not fully support the 'combined' approach with both local-users and preauth. In the previous iteration, 2 `WebSecurityConfigurerAdapters` and as a result, 2 `HttpSecurity` instances would have been registered, only one having any affect (typically the preauth, but not guarantees). Spring Security does not provide support for multiple `HttpSecurity` instances, there should be only one.
    
With this pull request, there is now only one WebSecurityConfigurerAdapter, whose sole purpose is to collect all HttpSecurityAmenders and execute their callback at the right time.  Te existing WebSecurityConfiguration classes for both profiles have been retrofitted to produce HttpSecurityAmenders that perform the desired behavior. The test cases provided in the sample-war have been updated to provide 2 combined test paths:
    
* 1 that has both profiles active, but demonstrates how fallback to HTTP Basic works, and
* 1 that has both profiles active, and includes the simulation filter to produce a successful preauthentication.

See merge request !3