minor #11244 Use correct file path and complete examples (OskarStark)

This PR was squashed before being merged into the 4.2 branch (closes #11244).

Discussion
----------

Use correct file path and complete examples

Commits
-------

c1b8585 complete examples
1bc96e2 fix filepath

Author: wouterj

security/access_control.rst

@@ -282,7 +282,7 @@ key:
 
     .. code-block:: xml
 
-        <!-- app/config/security.xml -->
+        <!-- config/packages/security.xml -->
         <?xml version="1.0" encoding="UTF-8"?>
         <srv:container xmlns="http://symfony.com/schema/dic/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -291,19 +291,24 @@ key:
                 https://symfony.com/schema/dic/services/services-1.0.xsd">
 
             <config>
+                <!-- ... -->
                 <rule path="^/_internal/secure"
                     allow-if="'127.0.0.1' == request.getClientIp() or is_granted('ROLE_ADMIN')"/>
             </config>
         </srv:container>
 
     .. code-block:: php
 
-        'access_control' => [
-            [
-                'path' => '^/_internal/secure',
-                'allow_if' => '"127.0.0.1" == request.getClientIp() or is_granted("ROLE_ADMIN")',
+        // config/packages/security.php
+        $container->loadFromExtension('security', [
+            // ...
+            'access_control' => [
+                [
+                    'path' => '^/_internal/secure',
+                    'allow_if' => '"127.0.0.1" == request.getClientIp() or is_granted("ROLE_ADMIN")',
+                ],
             ],
-        ],
+        ]);
 
 In this case, when the user tries to access any URL starting with ``/_internal/secure``,
 they will only be granted access if the IP address is ``127.0.0.1`` or if
@@ -349,16 +354,20 @@ access those URLs via a specific port. This could be useful for example for
             xsi:schemaLocation="http://symfony.com/schema/dic/services
                 https://symfony.com/schema/dic/services/services-1.0.xsd">
 
-            <rule path="^/cart/checkout"
-                role="IS_AUTHENTICATED_ANONYMOUSLY"
-                port="8080"
-            />
+            <config>
+                <!-- ... -->
+                <rule path="^/cart/checkout"
+                    role="IS_AUTHENTICATED_ANONYMOUSLY"
+                    port="8080"
+                />
+            </config>
         </srv:container>
 
     .. code-block:: php
 
         // config/packages/security.php
         $container->loadFromExtension('security', [
+            // ...
             'access_control' => [
                 [
                     'path' => '^/cart/checkout',
@@ -396,16 +405,20 @@ the user will be redirected to ``https``:
             xsi:schemaLocation="http://symfony.com/schema/dic/services
                 https://symfony.com/schema/dic/services/services-1.0.xsd">
 
-            <rule path="^/cart/checkout"
-                role="IS_AUTHENTICATED_ANONYMOUSLY"
-                requires-channel="https"
-            />
+            <config>
+                <!-- ... -->
+                <rule path="^/cart/checkout"
+                    role="IS_AUTHENTICATED_ANONYMOUSLY"
+                    requires-channel="https"
+                />
+            </config>
         </srv:container>
 
     .. code-block:: php
 
         // config/packages/security.php
         $container->loadFromExtension('security', [
+            // ...
             'access_control' => [
                 [
                     'path' => '^/cart/checkout',

security/form_login_setup.rst

@@ -254,7 +254,7 @@ a traditional HTML form that submits to ``/login``:
 
     .. code-block:: php
 
-        // app/config/security.php
+        // config/packages/security.php
         use App\Security\LoginFormAuthenticator;
 
         $container->loadFromExtension('security', [