Allow security MRs targeting unreleased stable branches

In the window between a new stable branch being created during an RC, and the monthly .0 release being created, a security MR might target the stable branch but be rejected because version.gitlab.com doesn't yet know about the version.

This naive solution would break down when we have a new major version.

A better solution might be to allow rc versions to be created (but not considered for the upgrade warning) so that we get back the intended versions.

Related to gitlab-com/gl-infra/delivery#1360 (closed) and !1297 (merged).