Support Externalized Method Security Configuration

[rwinch]

There are times that users cannot add annotations to objects or APIs that they want to secure. For example, consider if an team external provides a PersonService and team internal wants to add security to it. At the moment, the security must be done by adding intercept-methods style configuration.

A similar situation occurs when using Collections of objects. In this case, Spring Security provides custom Filtering. This could potentially be used to replace the @PreFilter and @PostFilter support.

I think that these situations are very similar and can be combined into an approach similar to Jackson's MixIn Approach.