
Log IP / User Agent for invalid ApiKeys and JWTs

Open valentijnscholten opened this issue 1 year ago • 0 comments

Currently, when an invalid ApiKey or JWT is provided, only the string "Invalid API key asserted" or "Invalid JWT asserted" is logged.

https://github.com/stevespringett/Alpine/blob/3793e56306852b49651a729bf344ef070fb2c38b/alpine-server/src/main/java/alpine/server/filters/AuthenticationFilter.java#L65-L85

The suggested change is to also log the IP and User Agent, similar to other security events being logged.

I tried a quick PR to do the same as in AlpineResource, but I am not sure if injecting an HttpServletRequest here is appropriate. Maybe a global logSecurityEvent utility method should be made, supporting all scenarios.

https://github.com/stevespringett/Alpine/blob/3793e56306852b49651a729bf344ef070fb2c38b/alpine-server/src/main/java/alpine/server/resources/AlpineResource.java#L341-L365

valentijnscholten, Mar 08 '23 08:03
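
A sketch of the kind of shared helper the issue proposes, added here as an example and not taken from Alpine or from the issue author. The class name, method names, field layout and 256-character cap are assumptions; in a servlet filter the two inputs would come from `HttpServletRequest.getRemoteAddr()` and `getHeader("User-Agent")`. Because the User-Agent is client-controlled, the helper neutralises control characters and line separators before the value reaches the log.

```java
import java.util.logging.Logger;

// Added example: hypothetical helper, not part of Alpine.
public final class SecurityEventLog {
    private static final Logger LOGGER = Logger.getLogger("security");
    private static final int MAX_FIELD_LENGTH = 256; // assumed cap per field

    private SecurityEventLog() { }

    /** Neutralises characters that could forge or split log entries, and caps length. */
    static String sanitize(String value) {
        if (value == null || value.isEmpty()) {
            return "-";
        }
        StringBuilder sb = new StringBuilder();
        value.codePoints().limit(MAX_FIELD_LENGTH).forEach(cp -> {
            boolean lineBreak = cp == 0x2028 || cp == 0x2029; // Unicode line/paragraph separators
            if (Character.isISOControl(cp) || lineBreak) {
                sb.append('_');          // CR, LF, TAB, ESC and other control characters
            } else if (cp == '"') {
                sb.append('\'');         // keep the quoted field unambiguous
            } else {
                sb.appendCodePoint(cp);
            }
        });
        return sb.toString();
    }

    /** Builds one log line: the event text plus client IP and User-Agent. */
    static String format(String event, String remoteAddr, String userAgent) {
        return event + " [ip=" + sanitize(remoteAddr)
                + ", userAgent=\"" + sanitize(userAgent) + "\"]";
    }

    /** Single entry point for every authentication failure path. */
    public static void logSecurityEvent(String event, String remoteAddr, String userAgent) {
        LOGGER.warning(format(event, remoteAddr, userAgent));
    }

    public static void main(String[] args) {
        // Constructed sample values; 203.0.113.7 is a documentation address.
        logSecurityEvent("Invalid API key asserted", "203.0.113.7", "curl/8.0.1");
        // A User-Agent carrying CR/LF is flattened onto the same line.
        logSecurityEvent("Invalid JWT asserted", "203.0.113.7",
                "x\r\nWARNING: Login succeeded for admin");
        // Missing header: logged as "-".
        logSecurityEvent("Invalid JWT asserted", "203.0.113.7", null);
    }
}
```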