Require resolved discussions for security MRs

Unresolved discussions prevent MRs from being merged, and rightfully so. This extends the MR validator so that MRs with unresolved discussions are assigned back to the MR author, instead of producing an API error.

This fixes https://gitlab.com/gitlab-org/release-tools/issues/276