AuthZ Regression: PolicyEvaluator always passes HttpContext for resource

[HaoK]

See line: https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNetCore.Authorization.Policy/PolicyEvaluator.cs#L80

The resource should be taken by IPolicyEvaluator.AuthorizeAsync() and passed into the IAuthorizationService instead of always passing in the HttpContext.

This is a regression from 1.0 in MVC where there's no longer any way to access the AuthorizationFilterContext from a policy requirement. Previously the context.Resource was set to the AuthorizationFilterContext.

Fix is #1328

[Eilon]

Approved for 2.0, incl. the MVC and SignalR changes:

• Fix AuthZ Regression Mvc#6574
• React to AuthZ change SignalR#675

[HaoK]

869d98e