HstsSpec methods return this

HstsSpec methods maxAge and includeSubdomains use to return void
which broke using it as a fluent API.

The methods now return HstsSpec which fixes this issue.

Fixes: gh-5483

config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -1439,16 +1439,18 @@ public class ServerHttpSecurity {
 			 * Configures the max age. Default is one year.
 			 * @param maxAge the max age
 			 */
-			public void maxAge(Duration maxAge) {
+			public HstsSpec maxAge(Duration maxAge) {
 				HeaderSpec.this.hsts.setMaxAge(maxAge);
+				return this;
 			}
 
 			/**
 			 * Configures if subdomains should be included. Default is true
 			 * @param includeSubDomains if subdomains should be included
 			 */
-			public void includeSubdomains(boolean includeSubDomains) {
+			public HstsSpec includeSubdomains(boolean includeSubDomains) {
 				HeaderSpec.this.hsts.setIncludeSubDomains(includeSubDomains);
+				return this;
 			}
 
 			/**

config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java

@@ -110,8 +110,9 @@ public class HeaderSpecTests {
 	public void headersWhenHstsCustomThenCustomHstsWritten() {
 		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
-		this.headers.hsts().maxAge(Duration.ofSeconds(60));
-		this.headers.hsts().includeSubdomains(false);
+		this.headers.hsts()
+					.maxAge(Duration.ofSeconds(60))
+					.includeSubdomains(false);
 
 		assertHeaders();
 	}