GHSA-3r8j-pmch-5j2h
GitHub Security Advisory
Internal exception message exposure for login action in Sylius
Advisory Details
## Internal exception message exposure for login action
### Impact
Exception messages from internal exceptions (such as a database exception) are wrapped in `\Symfony\Component\Security\Core\Exception\AuthenticationServiceException` and propagated through the system to the UI. As a result, internal system information may leak and be visible to the customer.
A validation message containing the exception details is presented to the user when they try to log into the shop.
### Patches
_Has the problem been patched? What versions should users upgrade to?_
### Workarounds
The `src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig` file should be overridden and lines https://github.com/Sylius/Sylius/blob/1.4/src/Sylius/Bundle/UiBundle/Resources/views/Security/_login.html.twig#L13-L17 should be replaced with
```twig
{% if last_error %}
    <div class="ui left aligned basic segment">
        {# messageKey is a fixed, translatable string; message may carry internal details #}
        {{ messages.error(last_error.messageKey) }}
    </div>
{% endif %}
```
The `messageKey` field should be used instead of `message`: `getMessageKey()` returns a fixed, translatable string chosen per exception class (for `AuthenticationServiceException`, a generic "system problem" notice), whereas `getMessage()` carries the wrapped internal exception's text.
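The following PHP script is an added illustration, not Sylius or Symfony code, of the difference the workaround relies on. It assumes `symfony/security-core` is installed via Composer and uses a constructed database error; the `loadUserFromDatabase` and `authenticate` functions are hypothetical stand-ins for the user-loading step that wraps non-authentication exceptions.

```php
<?php
// Added example: shows why rendering last_error.message on the login form
// exposes internal details while last_error.messageKey does not.
// Assumes symfony/security-core is available through Composer autoloading.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\AuthenticationServiceException;

// Constructed stand-in for a user provider whose database call fails.
function loadUserFromDatabase(string $email): array
{
    throw new \PDOException(
        'SQLSTATE[08006] connection to server "db.internal" port 5432 failed'
    );
}

// Hypothetical stand-in for the authentication step: any exception that is not
// already an AuthenticationException is wrapped in AuthenticationServiceException,
// keeping the original message, and becomes the form's "last authentication error".
function authenticate(string $email): ?AuthenticationException
{
    try {
        loadUserFromDatabase($email);
        return null; // success: no error to show
    } catch (AuthenticationException $e) {
        return $e;
    } catch (\Exception $e) {
        return new AuthenticationServiceException($e->getMessage(), 0, $e);
    }
}

// What a template using last_error.message renders: the raw wrapped text.
function vulnerableLoginError(AuthenticationException $e): string
{
    return $e->getMessage();
}

// What the patched template using last_error.messageKey renders: a fixed,
// translatable string that depends only on the exception class.
function safeLoginError(AuthenticationException $e): string
{
    return $e->getMessageKey();
}

$error = authenticate('customer@example.com');
echo 'message:    ' . vulnerableLoginError($error) . PHP_EOL;
echo 'messageKey: ' . safeLoginError($error) . PHP_EOL;
```

Running it prints the SQLSTATE connection string for `message` and only the generic system-problem notice for `messageKey`, which is the output the overridden template should show.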
Data from GitHub Advisory Database. This information is provided for research and educational purposes.