Aspnetcore.docs: Document the fact that custom AuthorizationHandlers will still execute even if *authentication* fails

When using requirement-based policies, it seems that all custom AuthorizationHandlers will still execute even if token validation fails. (For example expired token.)

Why does this matter?
Some AuthorizationHandlers could perform some relatively time-intensive/expensive tasks. If _authentication_ fails, there is a high chance users wouldn't want their custom AuthorizationHandlers to start evaluating requirements.

Rough draft
"Note: If token authentication fails (due to expired token, invalid cryptographic signature, etc), you may want to exit the AuthorizationHandler.HandleAsync() early. You can do this by checking context.Principal.Identity.IsAuthenticated:"

        public Task HandleAsync(AuthorizationHandlerContext context)
        {
            if (!context.User.Identity.IsAuthenticated)
            {
                return Task.CompletedTask;
            }

            // Perform expensive authorization
        }

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: b1141d92-adeb-6841-229f-914c808f9a2b
• Version Independent ID: 7089b376-949f-c1c6-c37a-5d8cc7ecf104
• Content: Policy-based authorization in ASP.NET Core
• Content Source: aspnetcore/security/authorization/policies.md
• Product: aspnet-core
• GitHub Login: @Rick-Anderson
• Microsoft Alias: riande