HttpSecurity should allow for `AuthorizationManager<? super RequestAuthorizationContext>`

[rwinch]

This allows an AuthorizationManager<Object> to be used. Similarly we should allow for AuthorizationManagerFactory<? super RequestAuthorizationContext>

NOTE: This worked because if AuthorizationManager<RequestAuthorizationContext> was not found it would look for AuthorizationManager<Object> as a fall back. Due to type erasure it was able to assign it to RequestMatcherDelegatingAuthorizationManager even though it wasn't the right type.

See spring-projects/spring-framework#31444

[therepanic]

Hi, @rwinch. May I also implement this issue?

[rwinch]

@therepanic Sorry. I missed assigning it to myself and I'm nearly done with it