bug #29621 [Security] Prefer clone() over unserialize(serialize()) for user refreshment (chalasr)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Prefer clone() over unserialize(serialize()) for user refreshment

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29459
| License       | MIT
| Doc PR        | n/a

To not hit the `serialize()` bug reported in the related ticket

Commits
-------

a8eba803a3 [Security] Prefer clone over unserialize(serialize()) for user refreshment
Nicolas Grekas 2018-12-17 10:52:03 +01:00
commit 49c21d5bce

@ -170,7 +170,7 @@ class ContextListener implements ListenerInterface
try {
$refreshedUser = $provider->refreshUser($user);
$newToken = unserialize(serialize($token));
$newToken = clone $token;
$newToken->setUser($refreshedUser);
// tokens can be deauthenticated if the user has been changed.
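Review bot: At `$newToken = clone $token;`, `clone` makes a shallow copy, whereas the `unserialize(serialize($token))` it replaces made a deep one, so any object the token holds is now shared between `$token` and `$newToken` unless the token class defines `__clone()`. The next line, `$newToken->setUser($refreshedUser)`, reassigns the user on the copy and should leave `$token` alone, but a test asserting that the original token's user and authenticated state are unchanged after the refresh would pin that down. A short comment on the `clone` line naming the `serialize()` issue (#29459) would also keep someone from restoring the round trip later.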