Internal Request Engine needs to clear security context
In order to get the security tokens matching the new request created in the internal request engine, the security context should be cleared using the "clearContext" method. This means that the tokens will be matched with the configuration from the routing based on the new request and not the parent request.
This breaks "TYPO3\TYPO3\Tests\Functional\Controller\Backend\BackendControllerSecurityTest::indexActionIsDeniedForEverybody", because it throws an uncaught exception in the AuthenticationProviderManager, since no tokens are available when trying to authenticate. The reason why there aren't any tokens is, that the tokens are separated active/inactive when initializing the security context. When clearing the context, the separate method is called again with the correct controller object names allowing request pattern matching.