feat: Make SSO re-authentication configurable for SSLAuthenticator
This pull request introduces a new boolean attribute, allowSsoReauthentication, to provide control over the SSO re-authentication behavior in the SSLAuthenticator.
Description
The changes include:
- Adding the allowSsoReauthentication attribute to AuthenticatorBase, along with its corresponding getter and setter methods.
- Updating SSLAuthenticator to use the value of allowSsoReauthentication when checking for a cached authentication, allowing it to proceed with re-authentication if enabled.
- Exposing the allowSsoReauthentication attribute in the MBean descriptor for AuthenticatorBase and SSLAuthenticator, making it configurable at runtime.
Because the attribute defaults to false, the existing secure behavior is maintained, while administrators gain the option to enable it when their security requirements permit.
Motivation
The SSLAuthenticator is designed to enforce a higher level of security by requiring client certificate authentication. As part of this, it currently prevents re-authentication from an existing Single Sign-On (SSO) session that may have been established using a weaker authentication method (e.g., FORM or BASIC).
While this is a secure default, it is not currently configurable. There are use cases where an administrator may want to allow re-authentication from an SSO session, even if the original authentication was weaker, to provide a more seamless user experience. This change introduces the necessary flexibility to support such scenarios.
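To make the decision described above concrete, here is an added illustration (not code from this pull request or from Tomcat) of how the new attribute gates re-authentication from a cached SSO entry; the class, record and method names are assumed stand-ins, and a presented client certificate is modelled as always taking precedence.

```java
import java.util.Optional;

// Added illustration of the decision the PR makes configurable; not Tomcat's code.
// Names (SslAuthenticatorModel, SsoEntry, Request) are assumed stand-ins.
public class SsoReauthPolicyDemo {

    enum AuthType { FORM, BASIC, CLIENT_CERT }

    // Stand-in for the entry the SingleSignOn valve caches for a user.
    record SsoEntry(String principal, AuthType originalAuthType) {}

    // Stand-in for an incoming request: a client certificate may or may not be present.
    record Request(boolean hasClientCert, Optional<SsoEntry> ssoEntry) {}

    static final class SslAuthenticatorModel {
        // The attribute introduced by the PR; false keeps the current strict behaviour.
        private boolean allowSsoReauthentication = false;

        public boolean getAllowSsoReauthentication() { return allowSsoReauthentication; }
        public void setAllowSsoReauthentication(boolean allow) { allowSsoReauthentication = allow; }

        // Decides whether the request is authenticated for a CLIENT-CERT-protected context.
        // A presented certificate always wins; a cached SSO entry only counts when opted in.
        String authenticate(Request req) {
            if (req.hasClientCert()) {
                return "authenticated by client certificate";
            }
            if (req.ssoEntry().isPresent() && allowSsoReauthentication) {
                SsoEntry e = req.ssoEntry().get();
                return "re-authenticated " + e.principal() + " from SSO (originally " + e.originalAuthType() + ")";
            }
            return "challenge: client certificate required";
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests: one with only a FORM-based SSO entry, one with a certificate.
        Request viaForm = new Request(false, Optional.of(new SsoEntry("alice", AuthType.FORM)));
        Request viaCert = new Request(true, Optional.empty());

        SslAuthenticatorModel strict = new SslAuthenticatorModel();   // default setting
        System.out.println("default : " + strict.authenticate(viaForm));
        System.out.println("default : " + strict.authenticate(viaCert));

        SslAuthenticatorModel relaxed = new SslAuthenticatorModel();
        relaxed.setAllowSsoReauthentication(true);
        System.out.println("enabled : " + relaxed.authenticate(viaForm));
    }
}
```

The third line of output is the case administrators opt into: a session whose original authentication was FORM now satisfies a constraint that otherwise demands a client certificate, which is why the default stays false.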