Move `user.is_authenticated` check to method so it can be overridden by subclasses

[theunraveler]

Hello. I'm try to subclass the SessionSecurityMiddleware middleware so that I can use it on something other than users authenticated with Django's auth framework. Most of the logic in process_request still applies, but I'd have to copy all of that over to my subclassed middleware in order to bypass the is_authenticated check.

This PR moves that check into a method on the middleware class so subclasses can just override that if they want to handle authentication a little differently. It also does the same for the call to django.contrib.auth.logout for the same reason.

Thanks!