Adjusts setRequestHandler javadoc in CsrfFilter

Adjusts setRequestHandler method javadoc in CsrfFilter class to reflect
changes in 6.0.

In 6.0, the default CsrfTokenRequestHandler changed to
XorCsrfTokenRequestAttributeHandler, however, the javadoc for the
setRequestHandler method still said it was
CsrfTokenRequestAttributeHandler.

This change adjusts the information to make it more accurate, because,
although XorCsrfTokenRequestAttributeHandler is a subclass of
CsrfTokenRequestAttributeHandler, the behavior is quite different.

Closes gh-12464

Author: wldomiciano

web/src/main/java/org/springframework/security/web/csrf/CsrfFilter.java

@@ -170,7 +170,7 @@ public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
 	 * {@link CsrfToken} available as a request attribute.
 	 *
 	 * <p>
-	 * The default is {@link CsrfTokenRequestAttributeHandler}.
+	 * The default is {@link XorCsrfTokenRequestAttributeHandler}.
 	 * </p>
 	 * @param requestHandler the {@link CsrfTokenRequestHandler} to use
 	 * @since 5.8