Prevent disabled user from logging in on reactive applications

[eleftherias]

Summary

In servlet applications, if a user account is disabled, locked or expired, then the user is not permitted to log in.
In reactive applications, the user is still permitted to log in regardless of their account status.

The reactive applications should behave like the servlet application by default, and prevent disabled, locked or expired accounts from logging in.

[eleftherias]

This functionality is handled by the pre and post authentication checks in the AbstractUserDetailsAuthenticationProvider for servlet applications.
Reactive applications do not have pre authentication checks and have a noop post authentication check, as seen in UserDetailsRepositoryReactiveAuthenticationManager.
Instead, they should have the same checks that the servlet applications have.
Additionally, there should be a higher level class, similar to AbstractUserDetailsAuthenticationProvider for reactive applications, where these checks are defined.