Spring Security AuthorizationManager should support returning an AuthorizationResult

It would be nice for AuthoriationManager to code to the AuthorizationResult interface like so:

default AuthorizationResult authorize(Supplier<Authentication> authentication, T object) {
    return check(authentication, object);
}

This will allow implementations to code to an interface instead of a concrete class.

In turn, check should be deprecated and classes in Spring Security should call authorize instead.

As when deprecating other methods, the existing tests should remain as-is to ensure that deprecated functionality continues to work.