Closed
Symfony version(s) affected: v5.0.8 (and git master)
Description
Currently, when CSRF validation is enabled for logout and an invalid CSRF token is submitted, HTTP 500 is returned and the exception is logged.
But this isn't correct: the user may simply have stale state (in which case we should tell them to refresh the token), and even if it is an attacker we don't care about it, since a rejected token is expected behavior and not a server error, so HTTP 500 is wrong.
How to reproduce
In security.yaml:

    security:
        firewalls:
            main:
                logout:
                    path: logout
                    csrf_token_generator: security.csrf.token_manager
Then make a request to the logout path with a wrong CSRF token.
Possible Solution
In the Firewall ExceptionListener there is handleLogoutException; it could check whether the exception is a CSRF exception and set the response to a redirect.
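As an added illustration of that suggestion (not code from the issue or from Symfony), an application-level kernel.exception subscriber that turns the LogoutException thrown on a bad logout CSRF token into a redirect with a hint to retry, so the failure is logged as a notice rather than an uncaught 500. It assumes Symfony 5.0 APIs, service autoconfigure, and a placeholder route name app_login.

```php
<?php
// Added example, not from the issue or Symfony: convert the LogoutException thrown on
// a bad logout CSRF token into a redirect with a hint, instead of an HTTP 500.
// Assumes Symfony 5.0, autoconfigure, and a route "app_login" (placeholder name).
namespace App\EventSubscriber;

use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpKernel\Event\ExceptionEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Exception\LogoutException;

final class LogoutCsrfExceptionSubscriber implements EventSubscriberInterface
{
    private $urlGenerator;
    private $logger;

    public function __construct(UrlGeneratorInterface $urlGenerator, LoggerInterface $logger)
    {
        $this->urlGenerator = $urlGenerator;
        $this->logger = $logger;
    }

    public static function getSubscribedEvents(): array
    {
        // Priority 10 is an assumption: run before the firewall's ExceptionListener,
        // which only logs the LogoutException and lets it propagate.
        return [KernelEvents::EXCEPTION => ['onKernelException', 10]];
    }

    public function onKernelException(ExceptionEvent $event): void
    {
        $exception = $event->getThrowable();
        if (!$exception instanceof LogoutException) {
            return;
        }
        $request = $event->getRequest();
        // A stale or missing token is client state, not a server fault: log as notice, not ERROR.
        $this->logger->notice('Logout rejected: {reason}', ['reason' => $exception->getMessage()]);
        // Ask the user to retry with a fresh token when a session is available.
        if ($request->hasSession() && ($session = $request->getSession()) instanceof Session) {
            $session->getFlashBag()->add('warning', 'Logout could not be verified; please reload and try again.');
        }
        $event->allowCustomResponseCode();
        $event->setResponse(new RedirectResponse($this->urlGenerator->generate('app_login')));
    }
}
```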
Additional context
Log
May 13 23:41:32 |INFO | PHP A LogoutException was thrown.
May 13 23:41:32 |ERROR| PHP Uncaught PHP Exception Symfony\Component\Security\Core\Exception\LogoutException: "Invalid CSRF token." at /mnt/code/proj/vendor/symfony/security-http/Firewall/LogoutListener.php line 89