Previously this could choose legacy security or elytron so no explicit dependency is defined, now however to be usable it needs an elytron security domain so should depend on the elytron layer.

This will also make it easier to add other default config needed by ee-security such as a default JACC policy.

The microprofile-jwt layer then just needs a dependency on ee-security as the elytron dependency will be satisifed by the chain.