SEC-2002: Added events to notify of session ID change #33

Merged: 1 commit, Jun 6, 2013

beamerblvd
Contributor

Session fixation protection, whether by clean new session or
migrated session, now publishes an event when a session is
migrated or its ID is changed. This enables application developers
to keep track of the session ID of a particular authentication
from the time the authentication is successful until the time
of logout. Previously this was not possible since session
migration changed the session ID and there was no way to
reliably detect that.

Revised changes per Rob Winch's suggestions. All of the events
have been consolidated into the one event, as requested. The
ApplicationEventPublisher in SessionFixationProtectionStrategy is
initialized to a NullEventPublisher now, as requested. The commit
is much simpler and more concise than previous commits. Instead
of changing existing unit tests, I only added new unit tests to test
my new behavior. The existing unit tests remain to demonstrate that
old behavior (without ApplicationEventPublisher) hasn't been
affected.

Apologies in advance that the imports for
SessionFixationProtectionStrategy have been reorganized. It
would seem that no two classes in SpringSecurity have their import
statements ordered/organized the same way. This makes it hard to
work in an IDE. I had to import new files, so my IDE was going to
reorder them. I set up my import settings so that my changes
would reorder the changes in only one file instead of all three that
I changed. That was the best I can get it. At least, the reorder
of imports improved the code. More consistency now.

Hopefully this pull request is much more satisfactory than
pull request #30, which can now be closed at your leisure.
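
An added example, not part of this pull request or of Spring Security's own code: a listener that uses the session-ID-change event described above to keep a session-to-user map correct from login until the session ends. It assumes the consolidated event is Spring Security's `SessionFixationProtectionEvent` with `getOldSessionId()` and `getNewSessionId()`, and that `HttpSessionEventPublisher` is registered so session-destroyed events are published; `SessionIdTracker` and `principalFor` are hypothetical names.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.security.web.authentication.session.SessionFixationProtectionEvent;
import org.springframework.security.web.session.HttpSessionDestroyedEvent;

/**
 * Hypothetical tracker (register it as a Spring bean). Maps the *current*
 * session ID to the authenticated principal, following the ID across the
 * change made by session fixation protection.
 */
public class SessionIdTracker implements ApplicationListener<ApplicationEvent> {

    // current session ID -> principal name
    private final Map<String, String> principalBySessionId =
            new ConcurrentHashMap<String, String>();

    @Override
    public void onApplicationEvent(ApplicationEvent event) {
        if (event instanceof SessionFixationProtectionEvent) {
            SessionFixationProtectionEvent changed = (SessionFixationProtectionEvent) event;
            // The pre-authentication ID is no longer valid for this user:
            // drop it so a stale (possibly attacker-known) ID never resolves.
            principalBySessionId.remove(changed.getOldSessionId());
            principalBySessionId.put(changed.getNewSessionId(),
                    changed.getAuthentication().getName());
        } else if (event instanceof HttpSessionDestroyedEvent) {
            // Logout or timeout: stop tracking the session.
            principalBySessionId.remove(((HttpSessionDestroyedEvent) event).getId());
        }
    }

    /** Returns the principal bound to this session ID, or null if untracked. */
    public String principalFor(String sessionId) {
        return principalBySessionId.get(sessionId);
    }
}
```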

Member

rwinch commented Jun 5, 2013

Thanks Nick. I will take a look at this tomorrow

@rwinch rwinch merged commit d89ace2 into spring-projects:master Jun 6, 2013
Member

rwinch commented Jun 6, 2013

Thanks again for following up with this pull request. I have merged your changes. I made very minor updates 7bc87cf, but otherwise looked good :)

@beamerblvd
Contributor Author

Excellent! Thanks!
