BUG: Security context is not initialised when 4xx handling tries to render an exception that requires it

[Sebobo]

Relates to neos/Neos.NeosIo#623

On neos.io we try to render a 410 error page with Fusion when a page when the redirect handler created a 410 status redirect for a deleted page. But the rendering uses the new CR which requires the security context to be initialised, which is not ready yet unless we position the middleware after securityEntryPoint.

redirecthandler/Configuration/Settings.yaml

Line 14 in af27046

position: 'after routing'

Affects Flow 9 / Neos 9