[FEATURE] Support for sessionless authentication

This feature enables authentication without the need of a session to
be started. This is useful for stateless services (e.g. REST) where
you don't want Flow to create a session cookie.

Authentication tokens which don't rely on a session simply implement
the SessionlessTokenInterface marker interface.

This patch reverts parts of the first implementation of sessionless
authentication introduced in https://review.typo3.org/#/c/18388
The original implementation was a breaking change with a few
unresolved side effects.

The implementation contained in this change set is backwards
compatible with already existing authentication tokens which
relied on sessions.

This patch also contains a small speed optimization for the CSRF
Protection pattern which assumes that no account has been
authenticated yet if the Authentication Manager is still a Dependency