Not sure, I am like 50/50 . I agree it can simplify some scenarios when KeycloakDeployment is accessible from KeycloakSecurityContext. On the other hand, KeycloakDeployment exposes some info, which is not necessary to be exposed in client apps.
I think you can just cast KeycloakSecurityContext to RefreshableKeycloakSecurityContext and get KeycloakDeployment from there?