Update `ManagementWebSecurityAutoConfiguration` so that the
`managementSecurityFilterChain` bean has an explicit order.
Prior to this commit, the `managementSecurityFilterChain` would override
the `securityFilterChain` in `RemoteDevtoolsSecurityConfiguration` which
would prevent the remote devtools endpoint from being accessed.
See gh-25868