Spring Security should use Feature Variants instead of a custom optional plugin. This will allow for publishing optional dependencies.