Allow for cookie-only authentication, without ASP.NET Identity

[dt21x]

In Umbraco 8 it was possible to use cookie-based authentication on its own, bypassing the built-in Member management of Umbraco. This is useful in cases where people run their own OIDC service and don't want to have duplicate account entries in different databases.

In Umbraco 9, when it pulls in ASP.NET Identity, this is no longer an option. It would be nice to be able to use Cookie authentication without ASP.NET Identity ( as here: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-5.0).

While it's possible to add an additional authentication and authorize accordingly, the antiforgery cookies are still trying to use Identity.Application, which results in a cookie for a different claims-based user on ValidateAntiforgeryToken.