Description
We should move and rename OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames to allow for reuse.
Currently, the classes reside in org.springframework.security.oauth2.server.resource and are used by oauth2-resource-server for introspecting opaque access tokens. This is a "specialized flow" used by an OAuth 2.0 Client, since authentication is required at the Introspection Endpoint using client credentials or a bearer token.
Moving both classes to org.springframework.security.oauth2.core (oauth2-core module) will allow for reuse on the Authorization Server side spring-authorization-server#52.
As well, renaming OAuth2IntrospectionClaimAccessor to OAuth2TokenIntrospectionClaimAccessor and OAuth2IntrospectionClaimNames to OAuth2TokenIntrospectionClaimNames is explicit on "what is being introspected" (a token) and aligns with the spec language.
NOTE:
This is scheduled for 5.6.x with the following plan:
- Add OAuth2TokenIntrospectionClaimAccessor and OAuth2TokenIntrospectionClaimNames
- @Deprecate OAuth2IntrospectionClaimAccessor and OAuth2IntrospectionClaimNames