`RequestMatcherDelegatingAuthorizationManager` should deny when no match

[rwinch]

In Spring Security 5, the default AuthorizationManager for RequestMatcherDelegatingAuthorizationManager abstains.

This default should be changed to instead deny.

As part of this commit, AuthorizationFilterParser should no longer add an any-matcher authenticated to the user's configuration.

[jgrandja]

@rwinch This appears to be a duplicate of gh-11963 ?