minor #12371 [Security] Deprecated using more than one role in access_control rules (javiereguiluz)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security] Deprecated using more than one role in access_control rules

Fixes #12363.

Commits
-------

19475ed [Security] Deprecated using more than one role in access_control rules

Author: javiereguiluz

security/access_control.rst

@@ -103,6 +103,11 @@ Take the following ``access_control`` entries as an example:
             ],
         ]);
 
+.. deprecated:: 4.4
+
+    Using more than one role in a single ``access_control`` rule is deprecated
+    and will stop working in Symfony 5.0.
+
 For each incoming request, Symfony will decide which ``access_control``
 to use based on the URI, the client's IP address, the incoming host name,
 and the request method. Remember, the first rule that matches is used, and
@@ -153,6 +158,11 @@ options:
   is thrown). If this value is an array of multiple roles, the user must have
   at least one of them.
 
+  .. deprecated:: 4.4
+
+    Using more than one role in a single ``access_control`` rule is deprecated
+    and will stop working in Symfony 5.0.
+
 * ``allow_if`` If the expression returns false, then access is denied;
 
 * ``requires_channel`` If the incoming request's channel (e.g. ``http``)