We should align (Server|Servlet)OAuth2AuthorizedClientExchangeFilterFunction with OAuth2ClientHttpRequestInterceptor, which introduces a PrincipalResolver as a flexible strategy for resolving the Authentication for a given request.
For ServletOAuth2AuthorizedClientExchangeFilterFunction, the interface could be:
```java
@FunctionalInterface
public interface PrincipalResolver {
    @Nullable
    Authentication resolve(ClientRequest request);
}
```
For ServerOAuth2AuthorizedClientExchangeFilterFunction, it may need to return a Mono<Authentication> to accommodate ReactiveSecurityContextHolder:
```java
@FunctionalInterface
public interface PrincipalResolver {
    @Nullable
    Mono<Authentication> resolve(ClientRequest request);
}
```
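The reactive variant proposed above, sketched as an added example (not code from the issue or from Spring Security): resolvers that take the principal from a request attribute, then from `ReactiveSecurityContextHolder`, then fall back to an anonymous principal. The class name `PrincipalResolvers` and the attribute name `example.principal` are hypothetical, and the nested interface omits `@Nullable`; Spring Security and Spring WebFlux are assumed on the classpath.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.web.reactive.function.client.ClientRequest;
import reactor.core.publisher.Mono;

public final class PrincipalResolvers {

    // Hypothetical attribute name, chosen for this example only.
    static final String PRINCIPAL_ATTR = "example.principal";

    // Reactive shape proposed in the issue; not an existing Spring Security type.
    @FunctionalInterface
    public interface PrincipalResolver {
        Mono<Authentication> resolve(ClientRequest request);
    }

    // Only an explicitly attached Authentication counts; any other value yields an empty Mono.
    public static PrincipalResolver requestAttribute() {
        return (request) -> Mono.justOrEmpty(request.attribute(PRINCIPAL_ATTR))
                .filter(Authentication.class::isInstance)
                .cast(Authentication.class);
    }

    // Reads the current caller from the Reactor context; empty when no security context is present.
    public static PrincipalResolver securityContext() {
        return (request) -> ReactiveSecurityContextHolder.getContext()
                .mapNotNull(SecurityContext::getAuthentication);
    }

    // Per-request principal first, then the current caller, then an anonymous
    // principal, so the authorized-client lookup is always keyed to a definite principal.
    public static PrincipalResolver defaultResolver() {
        Authentication anonymous = new AnonymousAuthenticationToken("anonymous",
                "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
        return (request) -> requestAttribute().resolve(request)
                .switchIfEmpty(securityContext().resolve(request))
                .defaultIfEmpty(anonymous);
    }
}
```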