Annotation authorizations should throw UnauthenticationException if the subject identity is not known.

Currently the AuthorizingAnnotationHandlers often perform an if-check to see if the Subject has roles or permissions, and if not, throws an UnauthorizedException. The Subject API already has assertion methods (checkRoles, checkPermission, etc) that correctly throw an UnauthenticationException if an authorization check is not possible. Those methods should be used in the AnnotationHandler implementations instead.