Include invalid MRs in the security merge output

When there are security MRs deemed invalid, we now include them in the output sent to Slack. This makes it more clear to release managers there might be some MRs that need to be taken care of before a release can be tagged.

The output looks like this:

This fixes https://gitlab.com/gitlab-org/release-tools/issues/278