X-SCM-Session-ID and X-SCM-Client could now be send via query parameter

The use of query parameters is required for SSE, because the standard does not support header.
This works currently only for GET request to avoid parsing of request body.

scm-webapp/src/test/java/sonia/scm/security/BearerRealmTest.java

@@ -31,7 +31,6 @@
 
 package sonia.scm.security;
 
-import com.google.common.collect.ImmutableSet;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.junit.jupiter.api.BeforeEach;
@@ -42,7 +41,6 @@ import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 
 import java.util.HashMap;
-import java.util.Set;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -84,7 +82,7 @@ class BearerRealmTest {
 
   @Test
   void shouldDoGetAuthentication() {
-    BearerToken bearerToken = BearerToken.create("__session__", "__bearer__");
+    BearerToken bearerToken = BearerToken.create(SessionId.valueOf("__session__"), "__bearer__");
     AccessToken accessToken = mock(AccessToken.class);
 
     when(accessToken.getSubject()).thenReturn("trillian");