Support AliasFor

Closes gh-15436

core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java

@@ -136,11 +136,7 @@ final class AuthorizationAnnotationUtils {
 			Class<A> annotationType, Function<MergedAnnotation<A>, A> map) {
 		MergedAnnotations mergedAnnotations = MergedAnnotations.from(annotatedElement, SearchStrategy.TYPE_HIERARCHY,
 				RepeatableContainers.none());
-		List<A> annotations = mergedAnnotations.stream(annotationType)
-			.map(MergedAnnotation::withNonMergedAttributes)
-			.map(map)
-			.distinct()
-			.toList();
+		List<A> annotations = mergedAnnotations.stream(annotationType).map(map).distinct().toList();
 
 		return switch (annotations.size()) {
 			case 0 -> null;

core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java

@@ -90,11 +90,7 @@ class AuthorizationAnnotationUtilsTests {
 	void composedMergedAnnotationsAreNotSupported() {
 		Class<?> clazz = ComposedPreAuthAnnotationOnClass.class;
 		PreAuthorize preAuthorize = AuthorizationAnnotationUtils.findUniqueAnnotation(clazz, PreAuthorize.class);
-
-		// If you comment out .map(MergedAnnotation::withNonMergedAttributes) in
-		// AuthorizationAnnotationUtils.findDistinctAnnotation(), the value of
-		// the merged annotation would be "hasRole('composedRole')".
-		assertThat(preAuthorize.value()).isEqualTo("hasRole('metaRole')");
+		assertThat(preAuthorize.value()).isEqualTo("hasRole('composedRole')");
 	}
 
 	private interface BaseRepository<T> {