Closes gh-14352

[Crain-32]

The goal of #14352 is to begin introducing a more strongly typed Authentication object into the Spring Security Ecosystem. This should hopefully (My fingers are crossed) help slowly reduce some overhead for developers across the board as the general flow of User -> Authentication Object can be made more clear with people being able to see they should put a UserDetails Object in the Principal to align with Spring Security's Testing Support, along with being able to see the flow of Types through Spring Security, where now you just see Object passed everywhere.

For this PR I left it at adding in the interface and replicating the simple UsernamePasswordAuthenticationToken with the new interface, along with creating a new AbstractUserDetailsAuthentication<?, ?> which mirrors the AbstractAuthenticationToken, but requires the Principal object to be a UserDetails implementation. I believe swapping the UsernamePasswordAuthenticationToken for the UsernamePasswordTypedAuthenticationToken<?> to be a breaking change, and will leave that level of integration to the hands of the larger Spring Team.

Additionally I swapped the AbstractAuthenticationToken.eraseSecret(String)'s instance check to be a more modern capture group, as I was already reviewing that entire class.

Last thing to note is at the time of this PR #14352 is still in "waiting-for-triage", but I had a free afternoon and felt like trying this out, figured that might also help triage effort as at least for me, seeing code makes life a lot easier.

[Crain-32]

Another thing to note. I was very torn on if this should be a public or private constructor. In a review of how UsernamePasswordAuthenticationToken is handled, I arrived to the conclusion the maximum visibility should be protected, however with no sub-classes or other reasons to expose it, I left it as private.

[sjohnr]

Closing this PR for now per this comment.