Session API usage

[mbabker]

The manner in which the application uses the session should be refactored. Key issues:

• JApplicationCms::__construct() codes a default behavior to use sessions which are manually started in the constructor's context; the loadSession() method should be extracted into a service provider and the call to $session->start() removed from the application's bootup sequence
• JApplicationCms::checkToken() forces a session record to be written to the #__session table regardless of the session handler type
• JApplicationCms::checkToken() also performs functions that belong to the session handler's garbage collection mechanism (see ignored PR joomla/joomla-cms#6608)

[nibra]

Moved to joomla/joomla-cms#10746