Resolves #267 Update the decorator mechanism to use a HttpMessageContextWrapper

[darranl]

This is instead of wrapping the HttpServletResponse.

[arjantijms]

This is fine. The prime purpose of the test is testing that a decorator works, and there is some dynamic behaviour to make it a little bit realistic.

Restoring the MessageInfo is not the purpose of the test and concerns had been raised about that on the mailing list. We should probably clarify the underlying Jakarta Authentication spec for that, and specifically emphasis what the goal (spirit) is of several rules stated there.