Provide accurate information on the security coverage of the 8.x final minor and LTS, and recommend updating to the next major version when appropriate

Re-parenting to the D9 issue tree. This was not part of any of the phases of the plan in #2909665: [plan] Extend security support to cover the previous minor version of Drupal anyway.

This is listed as a beta requirement, so parenting there.

I talked to @xjm(and @Gábor Hojtsy maybe too🤔) about this and she suggested that we maybe able to get away with hardcoding the LTS logic for 8.9 into core.

In this patch I provided the the 8.9 LTS as a hard-coded. But it will only use it if a LTS for Drupal 8 is not available in update XML. If one is in the update XML will use that.

This could allow #2998285: Add information on later releases to updates.drupal.org to be delayed or even not done for LTS purposes if the 8.9 plan stays the same. If the 8.9 support end changes or if another release will be the LTS then drupal.org would have to provide LTS release information.

I just realized I didn't actually implement what #2998285 was suggesting exactly. It was suggesting putting future release in the releases array that is provided in the XML. In this patch I added support for lts_releases as a top-level item in the update XML. This would have less information than regular releases but would provide a support_end value.

I didn't implement this differently on purpose from the suggestion in #2998285 but this way may be simplier for drupal.org to implement. I am not sure.

The current patch allows:

1. 1 LTS per major
2. The LTS does not have to be in the releases array provided by drupal.org xml.
3. If no LTS for a major is provided in the XML 8.9.0 with support end of 11/01/2021 is used as a fallback. Additional future major version LTS versions can be added to \Drupal\update\UpdateHelper::setFallBackLts()
4. If a release is 1 minor version before the LTS then it will be assumed that it will be supported until the next major is released. For example 8.8 will be assumed to be supported until 9.0.0(unless a different LTS is provided)
5. Since \Drupal\update\UpdateFetcher::buildFetchUrl() includes \Drupal::CORE_COMPATIBILITY in URL only releases for the current major are returned. Therefore we can't rely on 9.0.0 release information being included to determine if it has been released and 8.8 no longer being supported. Therefor this patch looks at supported_majors in the XML. I assumed that if a major is in this list then that MAJOR.0.0 has been released. Is that true? I assume this would not be added before this release. Is that true?

I have added some test coverage which includes lts_releases provided in the XML to prove this works and that we can override the Fallback LTS of 8.9. But I would like some feedback on this idea in general before I add more test coverage.

This patch is currently on top of #2991207: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases

Merging this issue and the patch in #6 into #2991207-67: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases

Because they both are targeted to 8.8.x which is the first minor that needs the LTS logic for the security message.