Description
Allowing a LiveComponent-specific secret to be specified (which, if not specified, defaults to kernel.secret) would increase the security of the feature.
Namely, one use case we had is that we wanted a Node app to be able to render correct live component blocks. To do that, it needs to share the key with Symfony's LiveComponent implementation in order to generate the signatures that get verified by Symfony for it to work. We'd prefer not to have to share the kernel.secret with the Node app (even though it's internal, built by us and trusted), because that provides ways to attack the Symfony app in other ways (login links, RCE via fragments) assuming it leaks.
Simply making this secret configurable would improve the security overall because the secret would then have a tiny scope (only that one specific thing) and be intended to be shared with the Node collaborator.
A similar thing was done somewhere in the Symfony main repo by @nicolas-grekas recently (login links?).