Support deployment tracking for security releases

This adds support for tacking of deployed security releases. This is implemented by checking if the Omnibus SHA exists on the canonical or security repository, then setting SharedStatus.security_release? to true while deployments are recorded.

For this to work reliably, we introduce BaseProject.canonical_or_security_path. This method is just an alias to BaseProject.to_s, but makes it more clear that we want either the canonical or security path; something that isn't clear then just using .to_s.