I created a GitHub issue here: https://github.com/spring-projects/spring-security/issues/16367.

Turns out that this was a more or less unintentional change that, as of writing this, will be undone with the next point release.