Add Value-Type Ignore Support

[jzheaux]

This PR makes using @AuthorizeReturnObject practical on a more diverse set of classes and interfaces, including Spring Data interfaces.

A typical Spring Data interface begins like this:

public interface UserRepository extends CrudRepository<User, UUID> {
}

and because CrudRepository has methods that return primitive types like int count(), an application cannot use @AuthorizeReturnObject at the class level.

This is a reasonable default since the semantics around Spring Security method security annotations are that placing it at the class level is functionally equivalent to placing it on the method level. Since it would be an error to use @AuthorizeReturnObject on a method that returns an int, we want to error by default.

With this PR, an application can relax that behavior by doing:

@Bean 
Customizer<AuthorizationAdvisorProxyFactory> skipValueTypes() {
    return (factory) -> factory.setTargetVisitor(TargetVisitor.defaultsSkipValueTypes());
}

It incidentally introduces an inner interface AuthorizationAdvisorProxyFactory.TargetVisitor to simplify any kind of proxy customization of the target object.

The reason I like this approach is that it gives folks more power to customize how a given type is handled. The alternative is to not use @EnableMethodSecurity so that they can publish their own AuthorizationProxyFactory or possibly add a bean factory post-processor to inject their own authorization proxy factory implementation.

Here are some simple examples other than ignoring a type are to use different ProxyFactory settings or to programmatically visit an object:

TargetVisitor visitor = (proxyFactory, target) -> {
    if (target instanceof Function function) { // support a novel container type
        return (input) -> proxyFactory.proxy(function.apply(input));
    }
    if (target instanceof Map map) { // customize a supported container type
        Map proxies = new LinkedHashMap<>(map.size());
        for (Map.Entry entry : map.entrySet()) {
            proxies.put(proxyFactory.proxy(entry.getKey()), proxyFactory.proxy(entry.getValue()));
        }
        return Collections.unmodifiableMap(proxies);
    }
    if (target instanceof MyObject object) { // proxying nested target
        object.setX(proxyFactory.visit(object.getX());
        object.setY(proxyFactory.visit(object.getY());
        return object;
    }
    if (target class has some custom annotation) { // perform proxying differently
        ProxyFactory custom = ...
        custom.setAopProxyFactory(new MyAopProxyFactory())
        for (AuthorizationAdvisor advisor : proxyFactory) {
            custom.addAdvisor(advisor);
        }
        return custom.getProxy();
    }
    return null;
}

// ...

@Bean 
Customizer<AuthorizationAdvisorProxyFactory> customProxying() {
    return (f) -> f.setTargetVisitor(TargetVisitor.of(visitor, TargetVisitor.defaultsSkipValueTypes()));
}

Issue gh-14597