Description
Describe the bug
We are using WCF Server [.NET Framework 4.8] and WCF Client [.NET 8.0], and when there is a need to send a message http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew, the message is not sent, and an exception occurs.
We are using a Duplex channel with netTcpBinding.Security.Mode = SecurityMode.TransportWithMessageCredential and a certificate.
To Reproduce
Steps to reproduce the behavior:
- I created a sample project to reproduce the issue. I used LINQPad (https://www.linqpad.net/Download.aspx) to create a server and a client; however, these LINQPad scripts can be easily modified to console applications. Just remove the extension '.txt'; it didn't allow me to upload files with the '.linq' extension.
  Server LINQPad 5 - wcf_server_renew_problem.linq.txt
  Client LINQPad 9 - wcf_client_net8_renew_problem.linq.txt
- Run the server and the client, then wait for a maximum of 3 minutes. The error should appear.
Full call stacks.
- The exception CommunicationObjectFaultedException (aplication_error.txt) that appears doesn't provide much information on what exactly is wrong. So I debugged the library System.ServiceModel.Primitives directly to get more information.
- During debugging, an XmlException (inner_exception.txt) appeared and I was able to determine why it is failing with a CommunicationObjectFaultedException. There is a problem when creating a signature for the token: the stream reference has its position at the end of the stream, and therefore the XmlReader is not able to read the XML document (wcf/src/System.ServiceModel.Primitives/src/System/ServiceModel/Security/WSSecurityOneDotZeroSendSecurityHeader.cs at v8.1.2-rtm · dotnet/wcf).
- I was able to fix the XML issue by setting the position of _toHeaderStream to the beginning, in the same way as it is done for a different stream in the same method (wcf/src/System.ServiceModel.Primitives/src/System/ServiceModel/Security/WSSecurityOneDotZeroSendSecurityHeader.cs at v8.1.2-rtm · dotnet/wcf).
_toHeaderStream.Position = 0;
AddReference("#" + _toHeaderId, _toHeaderStream);
- After applying the fix, the message http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew was sent to the server.
- But when the server is checking the message, it is failing with an error:
  The security protocol cannot verify the incoming message.
  The problem is that the .NET 8 client implementation differs from the .NET 4.8 implementation. The signing of the security token System.ServiceModel.Security.Tokens.BufferedGenericXmlSecurityToken is sent extra in the .NET 8 implementation, and it is causing the "The security protocol cannot verify the incoming message." problem, because the .NET 4.8 server doesn't expect this signing.
Renew message from .NET 4.8 client ok_renew.xml
Renew message from .NET 8 client wrong_renew.xml
Expected behavior
I expect that the Renew message should be functional between the WCF Client [.NET 8.0] and the WCF Server [.NET Framework 4.8] by default, or there should be some switch or another way to send the Renew message in a way that the WCF Server [.NET Framework 4.8] understands.
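
The stream-position failure described under "Full call stacks", reproduced in isolation as an added example (not part of the original report and not code from dotnet/wcf). The header content, the `toHeaderStream` variable and the `DigestReference` helper are assumptions made for illustration, and no XML canonicalization is applied.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Xml;

// Constructed sample header; the address and Id value are placeholders.
const string ToHeader =
    "<a:To xmlns:a=\"http://www.w3.org/2005/08/addressing\" Id=\"_1\">net.tcp://localhost:9000/demo</a:To>";

// Buffer the header as a sender would before signing it.
// Writing leaves Position at the end of the stream.
var toHeaderStream = new MemoryStream();
toHeaderStream.Write(Encoding.UTF8.GetBytes(ToHeader));
Console.WriteLine($"Position after write: {toHeaderStream.Position} of {toHeaderStream.Length}");

// 1) Without a rewind the reader sees no input and parsing fails.
try
{
    Console.WriteLine(DigestReference(toHeaderStream));
}
catch (XmlException ex)
{
    Console.WriteLine($"Not rewound: XmlException: {ex.Message}");
}

// 2) After the rewind the same stream parses and can be digested.
toHeaderStream.Position = 0;
Console.WriteLine($"Rewound: digest = {DigestReference(toHeaderStream)}");

// Hypothetical helper: parse the buffered XML from the stream's current
// position and return a Base64 SHA-256 digest of the parsed element.
// Simplification: the element is hashed as serialized, not canonicalized.
static string DigestReference(Stream buffered)
{
    var doc = new XmlDocument { PreserveWhitespace = true };
    using (var reader = XmlReader.Create(buffered))
    {
        doc.Load(reader); // throws XmlException when no bytes remain to read
    }
    byte[] hash = SHA256.HashData(Encoding.UTF8.GetBytes(doc.DocumentElement!.OuterXml));
    return Convert.ToBase64String(hash);
}
```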