Consistently use empty map for missing additional parameters

This is not only more consistent with the other tokens which use an empty map, but also more in line with the documentation (at least for `OAuth2DeviceVerificationAuthenticationToken`).

Author: TheMrMilchmann

Diff for: oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationToken.java

@@ -96,7 +96,7 @@ public OAuth2DeviceAuthorizationRequestAuthenticationToken(Authentication client
 		this.deviceCode = deviceCode;
 		this.userCode = userCode;
 		this.authorizationUri = null;
-		this.additionalParameters = null;
+		this.additionalParameters = Collections.emptyMap();
 		setAuthenticated(true);
 	}
 

Diff for: oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceVerificationAuthenticationToken.java

@@ -80,7 +80,7 @@ public OAuth2DeviceVerificationAuthenticationToken(Authentication principal, Str
 		this.principal = principal;
 		this.userCode = userCode;
 		this.clientId = clientId;
-		this.additionalParameters = null;
+		this.additionalParameters = Collections.emptyMap();
 		setAuthenticated(true);
 	}