Related to #17260, `<websocket-message-broker>` should pick up a bean named `csrfChannelInterceptor` in the same way that `@EnableWebSocketSecurity` does. This is a bug since it was identified as part of the migration path when `XorCsrfChannelInterceptor` was released.
