Remove Servlet Spec 2.5 and 3.0 support

[jzheaux]

The Spring Framework baseline moved to Servlet Spec 3.1 as of 5.x. This means that Spring Security can drop support for Servlet Spec 2.5 and 3.0.

Note that this is tangentially related to #6025 since some of Spring Security's PowerMock usage surrounds mocking a Servlet Spec 2.5 and 3.0 runtimes.

• Remove Servlet 2.5 Support for Session Fixation #6259 Remove Session Fixation Servlet 2.5 Support
• Remove Servlet Spec 2.5 Support for SecurityContextHolderAwareRequestFilter #6260 Remove SecurityContextHolderAwareRequestFilter's Servlet 2.5 Support
• Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository #6261 Remove HttpSessionSecurityContextRepository's Servlet 2.5 Support
• Remove Servlet Spec 2.5 and 3.0 Support for CSRF #6262 Remove Csrf Servlet 2.5 and 3.0 Support
• Remove Servlet 2.5 and 3.0 Support for Remember Me #6263 Remove Remember Me Servlet 2.5 and 3.0 Support
• Remove Servlet 3.0 Support in AbstractRequestMatcherRegistry #6264 Remove AbstractRequestMatcherRegistry's Servlet 3.0 Support
• Remove Servlet 3.0 Support in CacheControlHeadersWriter #6265 Remove CacheControlHeadersWriter's Servlet 3.0 Support

[raphaelDL]

How do we approach this?

[jzheaux]

@raphaelDL Since it manifests itself in a few different features, I'll create some subtasks that are each targeted at an individual feature. I think that will result in completing this with greater confidence.