Some changes to security implementation

Set default evaluation result to false and throw an AccessDeniedException.
SecurityExceptionControllerAdvice checks if there is an valid login and
decides whether to send HTTP 401 or HTTP 403.

Conflicts:
	src/test/java/de/thm/arsnova/controller/AbstractControllerTest.java