• closes: https://github.com/quarkusio/quarkus/issues/44511

When `@PreAuthorize` placed on endpoints requires secured method arguments, we need to divide security check into 2, one is done eagerly ("is authenticated") and one is done by CDI interceptors when secured method arguments are already available. This is valid for both RESTEasy and Quarkus REST used together with Spring Web, but we only need to test that https://github.com/quarkusio/quarkus/blob/9007580a2c4614fe13d88090fe0b67ef8b4d49e9/extensions/security/runtime-spi/src/main/java/io/quarkus/security/spi/runtime/SecurityCheck.java#L46 returns true (as the mechanism itself is heavily tested for other reasons). I don't know if in Spring you can pass secured method arguments for anonymous users as well, but that we won't support.