Inject current request in security handlers

[RobbeSneyders]

Fixes #1881 Fixes #1880 Fixes #1876

Alternative to #1750

This PR makes the current request available to the security handlers by injecting it as a keyword. I think this is a proper alternative to #1750, since this is the only place in the default middleware stack where I expect this to be needed.

[coveralls]

coverage: 94.217% (+0.003%) from 94.214% when pulling 20e5802d6513db6a610c6455c8755101c1721b49 on feature/inject-request-security into 211bdb03f6b20f7dc90fe0037e57cd142c48deb5 on main.