Release candidate container does not support security updates

Commit 660188266aa171ac536d1182486fabf411dc18be modified the release candidate container to not install any packages from the "Fedora Updates". The goal was to ensure no matter when you built, you would get the exact same packages, which improves reproducability and lessens the chance for the build to break if Fedora updates a package.

However, this means that the container does not receive any security updates as well. While it's unlikely security issues could affect the build since all code run in the container is trusted, we should come up with a way to ensure security updates are applied, preferably without requiring that someone delete and rebuild the entire container for every release.