
EndpointInvoker should publish a spring AccessDeniedEvent #4311

@wvuchpd

Description


Describe your motivation

Hilla does not publish an AuthorizationDeniedEvent when its access check fails, as Spring does (see the callers of org.springframework.security.authorization.AuthorizationEventPublisher#publishAuthorizationEvent).

We have a security requirement to log all AuthorizationDeniedEvents. With Spring alone we could just use an @EventListener on those and log them. We would like this to cover authorization denials in Hilla as well.

We use vaadin-bom 24.7.1.

Describe the solution you'd like

Publish an AuthorizationDeniedEvent in com.vaadin.hilla.EndpointInvoker#invokeVaadinEndpointMethod.

As a workaround, we used a Spring aspect to handle this:

    import java.util.Arrays;
    import org.aspectj.lang.ProceedingJoinPoint;
    import org.aspectj.lang.annotation.Around;
    import org.aspectj.lang.annotation.Aspect;
    import org.springframework.security.authorization.AuthorizationDecision;
    import org.springframework.security.authorization.AuthorizationEventPublisher;
    import org.springframework.security.authorization.AuthorizationResult;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.stereotype.Component;
    import com.vaadin.hilla.exception.EndpointInvocationException; // package assumed (Hilla 24.x)

    @Aspect @Component
    public class EndpointAccessDeniedEventAspect {
        private final AuthorizationEventPublisher authorizationEventPublisher;
        public EndpointAccessDeniedEventAspect(AuthorizationEventPublisher p) { this.authorizationEventPublisher = p; }

        @Around("execution(public * com.vaadin.hilla.EndpointInvoker.invoke(..))")
        public Object publishAccessDeniedEvent(final ProceedingJoinPoint joinPoint) throws Throwable {
            try {
                return joinPoint.proceed();
            } catch (final EndpointInvocationException.EndpointAccessDeniedException e) {
                // Hilla rejected the call: publish the event Spring would have published, then rethrow.
                // AuthorizationDecision implements AuthorizationResult, so the non-deprecated overload is used.
                final AuthorizationResult authResult = new AuthorizationDecision(false);
                authorizationEventPublisher.publishAuthorizationEvent(
                        () -> SecurityContextHolder.getContext().getAuthentication(), Arrays.asList(joinPoint.getArgs()), authResult);
                throw e;
            }
        }
    }

Describe alternatives you've considered

No response

Additional context

No response
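As an added example (not from the issue, from Hilla, or from Spring), the listener side the report refers to: a Spring @EventListener that audits every AuthorizationDeniedEvent, whether published by Spring's own authorization managers or by the workaround aspect above. The class and logger names are assumptions; it relies on the Spring Security 6.4 AuthorizationResult API that the aspect already uses.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.event.EventListener;
import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

// Assumed name: one audit sink for all denials, Spring-native and Hilla (via the aspect) alike.
@Component
public class AuthorizationDeniedAuditListener {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationDeniedAuditListener.class);

    @EventListener
    public void onDenied(AuthorizationDeniedEvent<?> event) {
        // getAuthentication() is a Supplier; resolve it only now that we know we are logging.
        Authentication auth = event.getAuthentication().get();
        String principal = (auth == null) ? "<anonymous>" : auth.getName();
        // getAuthorizationResult() is the non-deprecated accessor (Spring Security 6.4+).
        boolean granted = event.getAuthorizationResult() != null && event.getAuthorizationResult().isGranted();
        // For events from the aspect, getObject() is the invoke(..) argument list, which contains the
        // request body; redact or summarise it before shipping to a shared audit log.
        Object securedObject = event.getObject();
        String objectSummary = (securedObject == null) ? "<none>" : securedObject.getClass().getSimpleName();
        log.warn("AUTHZ_DENIED principal={} granted={} object={}", principal, granted, objectSummary);
    }
}
```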
