Symfony version(s) affected: 4.4-dev

Description

Because of PR #33663, responses are now marked private when they weren't before.
getToken() is called in Symfony\Component\Security\Http\Firewall\AccessListener if a firewall is defined. Calling this method increases the usage counter, then AbstractSessionListener detects that the session has been used (it's not the case in 4.3) and mark the response a private (but shouldn't).

How to reproduce

This breaks the API Platform test suite. To reproduce:

git clone https://github.com/api-platform/core
cd core
jq '. + {"minimum-stability": "dev"}' composer.json | sponge composer.json
composer install
rm -Rf tests/Fixtures/app/var/cache/* && php -dmemory_limit=-1 ./vendor/bin/behat features/http_cache/headers.feature