Standardise context id for web layer

[arjantijms]

Jakarta Authorization uses a context id to associate methods with a given app running on an application server.

For Jakarta Authentication, in the web layer, we have standardised such an ID. We should do the same for Jakarta Authorization (and use the same ID). As Enterprise Beans is effectively deprecated, we should leave the context ID for that as it's now, i.e. vendor specific.

As an example, in GlassFish the vendor specific context ID is now:

// in webBundleDescriptor
getApplication().getRegistrationName()) +
'/' +
getApplication().isVirtual()? 
    getApplication().getRegistrationName() : 
    getModuleDescriptor().getArchiveUri();

The standard 'appContextId' used by Jakarta Authentication:

servletContext.getVirtualServerName() + 
" " + 
servletContext.getContextPath();

[arjantijms]

This hasn't received much attention, and there's no time left to do this for 3.0 I'm afraid.

It's probably also not as simple as re-using the ID for Jakarta Authentication, as that has always been set per "host" (virtual server name), while the policy context ID for Jakarta Authorization has been the same for all hosts. Whether or not authentication modules should be distinct per host, but authorization modules shared between hosts is an open question. This question may need some more time to answer correctly.