Since listening for security context changes happens at the strategy level, SecurityContextHolder#addListener leaks that abstraction.
Instead, let's replace addListener with setSecurityContextHolderStrategy and make ListeningSecurityContextHolderStrategy public. This will allow the listening support to remain with the strategy.
ListeningSecurityContextHolderStrategy should not need to peek the SecurityContext since the semantic difference between a null SecurityContext and one with a null Authentication is negligible.
An additional benefit to setSecurityContextHolderStrategy over addListener is that it simplifies removing a custom strategy that has references to objects that need garbage collecting.
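
A minimal model of the design proposed above, as an added example that is not Spring Security's own code: `Context`, `Strategy`, `ThreadLocalStrategy` and `ListeningStrategy` are simplified stand-ins (assumptions), and the static `strategy` field stands in for the holder's strategy setter. It shows listeners living in the decorating strategy, change detection without a peek operation, and listener references being released by replacing the strategy.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.BiConsumer;

// Simplified stand-ins for illustration; these are NOT Spring Security's classes.
public class ListeningStrategyDemo {
    static final class Context { String authentication; }  // null means unauthenticated
    interface Strategy { Context getContext(); void setContext(Context c); void clearContext(); }

    static final class ThreadLocalStrategy implements Strategy {
        private final ThreadLocal<Context> holder = new ThreadLocal<>();
        public Context getContext() {                       // creates an empty context on demand
            Context c = holder.get();
            if (c == null) { c = new Context(); holder.set(c); }
            return c;
        }
        public void setContext(Context c) { holder.set(c); }
        public void clearContext() { holder.remove(); }
    }

    // Decorator: the listeners belong to the strategy, not to the static holder.
    static final class ListeningStrategy implements Strategy {
        private final Strategy delegate;
        private final List<BiConsumer<Context, Context>> listeners;
        ListeningStrategy(Strategy delegate, List<BiConsumer<Context, Context>> listeners) {
            this.delegate = delegate;
            this.listeners = listeners;
        }
        public Context getContext() { return delegate.getContext(); }
        public void setContext(Context next) {
            Context previous = delegate.getContext();       // no peek: empty context == no context
            delegate.setContext(next);
            if (previous != next) listeners.forEach(l -> l.accept(previous, next));
        }
        public void clearContext() {
            Context previous = delegate.getContext();
            delegate.clearContext();
            listeners.forEach(l -> l.accept(previous, null));
        }
    }
    static String describe(Context c) {                     // null context and null authentication read the same
        return (c == null || c.authentication == null) ? "anonymous" : c.authentication;
    }
    static Strategy strategy = new ThreadLocalStrategy();   // stand-in for the holder's strategy

    public static void main(String[] args) {
        List<String> audit = new ArrayList<>();             // constructed sample listener state
        BiConsumer<Context, Context> auditor = (o, n) -> audit.add(describe(o) + " -> " + describe(n));
        strategy = new ListeningStrategy(new ThreadLocalStrategy(), List.of(auditor));
        Context alice = new Context();
        alice.authentication = "alice";
        strategy.setContext(alice);
        strategy.clearContext();
        System.out.println(audit);
        strategy = new ThreadLocalStrategy();               // swap out: listeners become collectable
    }
}
```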