Roman Steiner, Apologies for the delayed response. Please check the this doc "Use source control integration", especially the NOTE section available which contains the following information:
According to this Azure DevOps documentation, Third-party application access via OAuth policy is defaulted to off for all new organizations. So, if you try to configure source control in Azure Automation with Azure Devops (Git) as source control type without enabling Third-party application access via OAuth under Policies tile of Organization Settings in Azure DevOps then you might get SourceControl securityToken is invalid error. Hence to avoid this error, make sure you first enable Third-party application access via OAuth under Policies tile of Organization Settings in Azure DevOps.
Hope this helps. If it does not, I would suggest opening a Support Ticket so that it can be investigated 1:1 with backend logs (if required).