Update OIDC TokenStateManager to return Uni

[sberyozkin]

Fixes #19670

It proved a bit more complicated than I thought it would be - but I believe it all works fine now. TokenStateManager has 3 methods, so I had to refactor CodeAuthenticationMechanism a little bit as the code parts which call TokenStateManager do not fit well into SecurityIdentity -> Uni<SecurityIdentity> transformation, so I just used call:

• CodeAuthenticationMechanism#processSuccessfulAuthentication is called on a new and refresh authentication request, after SecurityIdentity has been created, to create a cookie with a value from TokenStateManager#createTokenState but before completing authentication
• TokenStateManager#getTokens is called before the token is verified, to convert the cookie value into the tokens
• TokenStateManager#deleteTokens is called from 3 places in CodeAuthenticationMechanism, originally from CodeAuthenticationMechanism#removeToken but since removeCookie is also used for other cookies I moved TokenStateManager#deleteTokens call out of it into a dedicated removeSessionCookie

Updated one of the tests to actually stress CustomTokenStateManager#deleteTokens and updated the docs.

Also a few deprecation related updates related to the earlier fix from Stuart to TenantConfigResolver (with the update to 2.2 migration guide).

Nothing has changed as far as the actual OIDC processing is concerned.

Also CC @cescoffier