The EE security subsystem was integrated before we had the notion of virtual security domains with MP JWT and now OpenID Connect, this means we need to match against an application security domain mapping with Jakarta Authentication correctly configured.

As EE Security deployments are largely self contained for their security we should just use the virtual security domain approach.

We will likely need an attribute on the subsystem which defaults to false to turn on the virtual security domain support then set it to true in the default configuration, this will then mean we cam handle old configurations without backwards compatibility issues.