In #1497 the kernel.secret was introduced as a way to make the template map reproducible.

This is fine, except the kernel.secret value used is a runtime value (meant to be injected via env() or similar) and not necessarily known at build time. The secret being requested started breaking my build (in Docker) suddenly when upgrading to Symfony 7.2.

Since the usage of the secret is just to provide a stable seed, it doesn't need to use the actual secret, it can use the container checksum, just as similar uses in Symfony proper done recently by @nicolas-grekas, one example is symfony/symfony#56831

It would make sense to swap out the use of the secret (runtime variable) with the container checksum (build time variable).

cc @stof