Enable HttpContext and friends to modify endpoint metadata

[twsouthwick]

Summary

HttpContext.SkipAuthorization and HttpContext.SetSessionStateBehavior adjust what is being done for auth or session. These concepts in ASP.NET Core are done by the metadata associated with an endpoint. These are readonly-containers, so it may not be easy to modify them per-endpoint

Motivation and goals

This would enable code that wants to turn auth/session on/off in legacy code with System.Web.HttpContext to work as expected.

In scope

• System.Web.HttpContext.SkipAuthorization
• System.Web.HttpContext.SetSessionStateBehavior
• System.Web.SessionState.SessionStateBehavior
• System.Web.HttpResponse.BufferResponse

[twsouthwick]

this has been enabled for a number of the behaviors. We'll close this and reopen any issues for specific ones that arise