I see now that the fault is all mine.
In February I ran a OpenWrite for Spring Boot 3.2 upgrade. And I now see that @EnableGlobalMethodSecurity was replaced with @EnableMethodSecurity.
That’s when the problem was introduced. Very sorry for even thinking Vaadin could maybe be the culprit for what I obviously did myself with some help from OpenWrite (dangerous thinking that would go just fine).