Make session serializable (#121)

When re-deploying the application, or restarting Tomcat, it will attempt to serialize the active sessions to prevent users from getting logged out and losing in-progess work. This requires that all attributes that are stored in the session implement `java.io.Serializable`. Spring stores the entire security context in the session which includes a reference to the principal, and that principal may be of type "WicketControlledPrincipal" and it must therefore be serializable.

## How to test
1. Be on the `develop` branch
2. Make sure session preservation is turned on (in IntelliJ check "Preserve sessions across restarts and redeploys", or read https://tomcat.apache.org/tomcat-10.0-doc/config/manager.html#Persistence_Across_Restarts)
3. Log in as the default admin `dev@localhost`
4. Switch to "Sture Student" under "Admin / Users / Switch user"
5. Restart Tomcat
6. Refresh page and you'll be prompted to log in again
7. Switch to this branch and repeat step 1-6

Reviewed-on: #121
Reviewed-by: Nico Athanassiadis <nico@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>

war/src/main/java/se/su/dsv/scipro/war/CurrentUserFromSpringSecurity.java

@@ -4,6 +4,7 @@ import jakarta.inject.Inject;
 import jakarta.inject.Provider;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import java.io.Serializable;
 import java.security.Principal;
 import java.util.Collections;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -81,7 +82,7 @@ public class CurrentUserFromSpringSecurity implements AuthenticationContext {
         return authentication.getName();
     }
 
-    private static final class WicketControlledPrincipal implements Principal {
+    private static final class WicketControlledPrincipal implements Principal, Serializable {
 
         private final String username;