Symfony version(s) affected: 4.4.1, 5.0.1

Description

Invoking bin/console commands causes a write operation (directory creation) in ./config/ directory.

How to reproduce

• Install a Symfony application
• Revoke write permissions on config/ directory (e.g. chmod 055 ./config)
• Run any console command (e.g. bin/console list --env=prod) - it will produce an exception:

In SodiumVault.php line 40:
                                                                                                                          
  Unable to create the secrets directory (/xyz/config/secrets/prod) 

Possible Solution

Move the secrets directory creation from the constructor to the methods where this directory is actually needed.

Additional context

The reason I belive its important is that in a typical secure production environment it should NOT be necessary to have write access to the config directory to run all bin/console commands. In our production environments we expect the framework to avoid unnecessary writes unless needed by a specific command.