Merge branch '7.3' into 7.4

* 7.3:
  [SecurityBundle] Fix semantic configuration for singulars/plurals in XML
  [JsonPath] Make the component RFC compliant
  Fix `#[IsCsrfTokenValid]` to ensure `$tokenKey` is non-nullable

Author: nicolas-grekas

Attribute/IsCsrfTokenValid.php

@@ -29,7 +29,7 @@ public function __construct(
         /**
          * Sets the key of the request that contains the actual token value that should be validated.
          */
-        public ?string $tokenKey = '_token',
+        public string $tokenKey = '_token',
 
         /**
          * Sets the available http methods that can be used to validate the token.