[Security] The 'entry_point' setting is well-hidden, error message not helpful

[aleksblendwerk]

Maybe I chose an over-complicated implementation (over here) and got a rather unusual use case (is it even?) - a login form that is displayed by an ordinary controller and a login action that expects the login attempt data as JSON.

Before manually defining an entry_point, I just kept getting an AccessDeniedException along with the message Full authentication is required to access this resource - which wasn't very helpful - whenever I visited an existing URL without being logged in.

It took me a long time until I finally found out that I have to define an entry_point and that this setting even exists because there is no mention of it on the Security docs entry point (!) at https://symfony.com/doc/current/security.html.

Not sure what could be done here, just thought maybe we can save other poor souls from getting lost like this as well.

[javiereguiluz]

Closing in favor of #15908, a meta-issue that groups all pending security-related issues so we can easily check them.