Fix validating of security MR pipelines

This fixes a bug where a pipeline with an allowed failure would still result in the MR being assigned back to the author. This would happen when a build failed that is only allowed to fail on dev, as in this case the pipeline status was still "failed", thus resulting in !pipeline.passed? evaluating to true.