This now includes taint-check, per T235390. A few notes:
- The 'extra' key should be removed from composer.json (or actually, taint-check should be removed from there)
- Upgrading core will be painful due to T231311 not being done yet. We can use the $disableTaintCheck hack for now, and finish it later.
- The seccheck-specific job can be killed in CI for the master branch of all the upgraded repos. This can be done at the end of the upgrade for all repos together.