Make stable-security build logs public on package release

Build logs from xxx-security stable suites are made private, so that embargoed packages can be built in advance.
e.g. https://buildd.debian.org/status/package.php?suite=buster-security&p=golang-1.11 before +deb10u5.

When a suite is handed over to the LTS Team, the new build logs are public because LTS doesn't have an embargo system.

This causes an issue when working on the first security update for an LTS package, because we can't compare the last working build log with the current one, in particular when trying to understand build failures and test suite regressions on uncommon architectures.

On IRC, carnil (who was nice enough to dig needed logs manually a few times) suggested:

it would be nice to look again if it can be implemented, that once the package is released that build logs can be made public as well
there might be some some corner cases to think about, or look how to track what can be made public, but in principle once e.g. embargoes are lifted, and updates released.

(more details to come, currently digging past exchanges on the topic)