SEC-2345: Run OWASP Zap against Spring Security

[Rob Winch](https://jira.spring.io/secure/ViewProfile.jspa?name=rwinch) (Migrated from [SEC-2345](https://jira.spring.io/browse/SEC-2345?redirect=false)) said:

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
