Add EnableWebFluxSecurity migration step

Closes gh-12434

docs/modules/ROOT/pages/migration/reactive.adoc

@@ -424,3 +424,47 @@ The method `setAllowMultipleAuthorizationRequests(...)` has no direct replacemen
 === `UnAuthenticatedServerOAuth2AuthorizedClientRepository`
 
 The class `UnAuthenticatedServerOAuth2AuthorizedClientRepository` has no direct replacement. Usage of the class can be replaced with `AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager`.
+
+== Add `@Configuration` to `@Enable*` annotations
+
+In 6.0, all Spring Security's `@Enable*` annotations had their `@Configuration` removed.
+While convenient, it was not consistent with the rest of the Spring projects and most notably Spring Framework's `@Enable*` annotations.
+Additionally, the introduction of support for `@Configuration(proxyBeanMethods=false)` in Spring Framework provides another reason to remove `@Configuration` meta-annotation from Spring Security's `@Enable*` annotations and allow users to opt into their preferred configuration mode.
+
+The following annotations had their `@Configuration` removed:
+
+- `@EnableGlobalAuthentication`
+- `@EnableGlobalMethodSecurity`
+- `@EnableMethodSecurity`
+- `@EnableReactiveMethodSecurity`
+- `@EnableWebSecurity`
+- `@EnableWebFluxSecurity`
+
+For example, if you are using `@EnableWebFluxSecurity`, you will need to change:
+
+====
+.Java
+[source,java,role="primary"]
+----
+@EnableWebFluxSecurity
+public class SecurityConfig {
+	// ...
+}
+----
+====
+
+to:
+
+====
+.Java
+[source,java,role="primary"]
+----
+@Configuration
+@EnableWebFluxSecurity
+public class SecurityConfig {
+	// ...
+}
+----
+====
+
+And the same applies to every other annotation listed above.