
Remove CookieBasedAuthenticationModeCondition from JwtCookieTokenReader #962

@sdelamo

Discussed in #958

Originally posted by mitushy March 10, 2022
If I'm not missing something, I think we can safely remove the authentication mode condition from JwtCookieTokenReader (and JwtCookieConfigurationProperties).
https://github.com/micronaut-projects/micronaut-security/blob/master/security-jwt/src/main/java/io/micronaut/security/token/jwt/cookie/JwtCookieTokenReader.java#L33

The use-case I'm looking at is:
A service that only consumes a token which was set up by another service - just needs to read it and validate it.

As it currently stands, I have to set both:

micronaut.security.authentication: cookie
micronaut.security.token.jwt.cookie.enabled: true

for the JwtCookieTokenReader to be created, but the authentication: cookie enables a lot of other unnecessary stuff:

  • Login/Logout Handlers
  • which additionally sets up the Login/Logout controllers

There are multiple ways to work around this - explicitly disable login/logout endpoints or create my own subclass just so it is not influenced by the condition:

@Singleton
class MyJwtCookieTokenReader extends JwtCookieTokenReader {}

but it would be nice to not have to do either - i.e. we decouple the consumption of auth tokens from their generation.

Besides, the javadoc for SecurityConfigurationProperties#setAuthentication already hints that you probably should not be setting micronaut.security.authentication if you don't plan to handle login/logout.

/**
 * Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie. Should
 * only be supplied if the service handles login and logout requests.
 * @param authentication Login Handler Mode
 */
