Prior to this change, "HttpBasicSpec#authenticationManager" and "FormLoginSpec#authenticationManager" were always overridden by "ServerHttpSecurity#authenticationManager". This commit makes sure override only happens when custom authentication manager was not specified. Fixes: gh-5660