* pr/4300:
  Make OPTIONS/TRACE request handling configurable

Add properties to WebMvcProperties allowing control of if TRACE/OPTIONS
requests should go through the regular dispatching chain.

Closes gh-4300

* pr/4237:
  Switch MongoCredential method

Update MongoProperties to use `MongoCredential.createCredential` rather
than `MongoCredential.createMongoCRCredential`. This allows connections
to Mongo 3.0 servers to authenticate using the SCRAM-SHA-1 mechanism.

Closes gh-4237

* pr/4335:
  Polish
  Use Ordered.HIGHEST_PRECEDENCE constants

Use Ordered.HIGHEST_PRECEDENCE rather than Integer.MIN_VALUE.

Closes gh-4335

* pr/4362:
  Add config properties before default properties

Update ConfigFileApplicationListener so that configuration properties
are added before `defaultProperties` if they exist.

Fixes gh-4362

* pr/4371:
  Don't remove PID file before stopping the service

Update the launch script so that the PID file is not longer removed at
the beginning of the stop method. Prior to this commit if a service
wasn't able to stop on the first run, it wasn't possible to use the
launch script anymore.

Fixes gh-4369
Closes gh-4371

See gh-4419

See gh-4419

* pr/4383:
  Secure actuator when all endpoints are sensitive

Previously if every actuator endpoint was marked as sensitive, then all
endpoints were marked as permitted.

This commit ensures that if all endpoints are marked as sensitive, then
all the endpoints are secured.

Fixes gh-4368
Closes gh-4383

Add support for an `endpoint.sensitive` property that can be used to
override the endpoint `sensitive` default.

Fixes gh-4419

Rename HAL and docs MVC endpoints so that classnames consistently end
with MvcEndpoint. Also rename integration tests so that they are grouped
together in the IDE.

* pr/4399:
  Remove unused parameter in Security configuration

Update SecurityFilterAutoConfiguration.securityFilterChainRegistration
to remove unused ApplicationContext parameter.

Closes gh-4399

The CLI application advertises `-cp` support but it appears that only
`--cp` is really supported. The fix for gh-178 forgot to update the
call to `getParser().parse(...)`.

See gh-178

* pr/4407:
  Upgrade PostgreSQL JDBC driver to 9.4-1205

Closes gh-4407

* pr/4414:
  Don't use `kill -hup` in the launch script

The HUP signal was being used to stop the service and for some reason,
sometimes it was being ignored. This commit change forces the use of the
TERM signal (the default signal of kill).

Fixes gh-4378
Closes gh-4414

* pr/4406:
  Allow security AuditListener overrides

Introduce `AbstractAuthenticationAuditListener` and
`AbstractAuthorizationAuditListener` classes so that users can
extended them to replace the auto-configured defaults.

Closes gh-4406

See gh-4415

Update ConfigurationPropertiesReportEndpoint so that property prefixes
are also considered when sanitizing values.

Fixes gh-4415

* pr/4408:
  Upgrade to Undertow 1.3.5.Final

Closes gh-4408

Update EmbeddedWebApplicationContext so that the servlet container is
shutdown after the context is closed. Unfortunately shutting the
container down before the context has been closed causes exceptions if
the `/shutdown` actuator endpoint is used. It can also cause the Tomcat
classloader to throw IllegalStateExceptions if resources are accessed
during shutdown.

As this commit effectively reverts 0069e41c we need to fix the shutdown
deadlock issue reported in gh-4130 in a different way. The deadlock can
be caused when an incoming HTTP connection occurs whilst the context is
closing. The incoming connection triggers the `FrameworkServlet` to
call `initWebApplicationContext` which in turn calls `refresh`. The
`FrameworkServlet` checks `ApplicationContext.isActive()` before
performing an initialization but prior to this commit we would set
active to `false` before stopping the servlet container. We now override
`onClose` rather than `doClose` in `EmbeddedWebApplicationContext` to
ensure that the active flag is only set to `false` once the servlet
container has been stopped.

See gh-4130
Fixes gh-4396

Spring Initalizr now bundles a wrapper script for the build system. While
that wrapper has the necessary execute flag in the zip archive, that flag
is lost as the zip abstraction does not honor those.

The init command now makes sure to restore the execute flag on `mvnw`
and `gradlew` if necessary.

Unfortunately, this can't be tested as the Windows build would fail to
assert that the executable flag has been propertly set.

Closes gh-4392