Remove deployment tracking dependency from managed versioning
On #2607 (closed), we aimed to couple deployment tracking from Managed versioning by finding the last deployment component using release/metadata information. This worked for Gitaly and GitLab, but not for Omnibus because this repo has an "Update Component version" task that only happens on Security causing a divergence between the metadata and the deployment tracking info (complete details on #2607 (comment 1141993827)).
Ultimately for Omnibus, in terms of managed versioning we care about the commit running on GitLab.com so we opted to continue using deployment tracking gitlab-org/release-tools!2007 (merged), this solved the problem but still leave the deployment tracking dependency. The same problem could apply to components that have security-specific tasks (like CNG)
Proposal: Use the release/metadata information by default on managed versioning
Components will use the release/metadata info to create stable branches, and if the commit doesn't exist on canonical, the tooling will find an intersection between canonical and security commits (basically using the previous commit to the security one). This is the same strategy used for tracking deployments on canonical.