Add XML configuration guidance to authorizeRequests deprecation warning

When using XML configuration with <intercept-url>, Spring Security
internally registers a FilterSecurityInterceptor, which triggers
the authorizeRequests deprecation warning. However, the warning
message previously provided no actionable guidance for XML users.

This commit adds a note to the deprecation warning indicating that
XML users should add use-authorization-manager="true" to their
<http> element to migrate to the modern authorization model.

Closes gh-17259

Author: s-chan-o

config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java

@@ -126,7 +126,9 @@ private void checkAuthorizationFilters(List<SecurityFilterChain> chains) {
 			}
 			if (filterSecurityInterceptor != null) {
 				this.logger.warn(
-						"Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration");
+						"Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration. "
+								+ "If you are using XML configuration with <intercept-url>, "
+								+ "add use-authorization-manager=\"true\" to your <http> element.");
 			}
 			authorizationFilter = null;
 			filterSecurityInterceptor = null;

config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java

@@ -132,6 +132,15 @@ public void validateCheckLoginPageAllowsAnonymous() {
 				+ "access to the configured login page. (Simulated access was rejected)");
 	}
 
+	@Test
+	void validateWhenOnlyFilterSecurityInterceptorThenWarnWithXmlGuidance() {
+		this.validator.validate(this.chain);
+		verify(this.logger).warn(
+				"Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration. "
+						+ "If you are using XML configuration with <intercept-url>, "
+						+ "add use-authorization-manager=\"true\" to your <http> element.");
+	}
+
 	// SEC-1957
 	@Test
 	public void validateCustomMetadataSource() {