Fix authority handling in SecurityContext and change management routing
When using Spring roles, it expects a 'ROLE_' prefix for the authorities. Therefore, a 'hasAnyRole()' in the WebSecurityConfig did not work because authorities were missing that prefix.
Also rework management endpoints to the following:
- /management/ will route to /management