API Remove ALC renewal, tweak extension point

[Cheddam]

Description

The ALC token is no longer rotated during an active login. Also removed related replace_token_during_session_renewal config. The extension point that was previously provided in the renew() method has been renamed and is now triggered externally in the CookieAuthenticationHandler::authenticateRequest() method.

Co-dependent on related Login Session PR: silverstripe/silverstripe-session-manager#214

Manual testing steps

Checkout this PR along with the Session Manager PR and validate that remember me functionality is intact.

Issues

• Remember Me functionality fails when renewal is interrupted #11281

Pull request checklist

• The target branch is correct
  • See picking the right version
• All commits are relevant to the purpose of the PR (e.g. no debug statements, unrelated refactoring, or arbitrary linting)
  • Small amounts of additional linting are usually okay, but if it makes it hard to concentrate on the relevant changes, ask for the unrelated changes to be reverted, and submitted as a separate PR.
• The commit messages follow our commit message guidelines
• The PR follows our contribution guidelines
• Code changes follow our coding conventions
• This change is covered with tests (or tests aren't necessary for this change)
• Any relevant User Help/Developer documentation is updated; for impactful changes, information is added to the changelog for the intended release
• CI is green

[GuySartorelli]

Can you please rebase the PR? I think some of the CI failures are unrelated, but nothing's failing on a normal 6 run

[Cheddam]

@GuySartorelli Apologies for the wait on this one - I've rebased, and we're seeing the same error. Pretty sure this is valid - without the related change to the Session Manager module in place, it's no longer tweaking the session ID and therefore can't retain the logged in state correctly.