Handle yanked releases

[christopher-dG]

When a release is yanked (marked as uninstallable) from a registry, its entry in the Versions.toml has yanked = true inserted. That make new yanks easily detectable by TagBot. But what's the right thing to do with a yanked release?

Options would appear to be:

1. Delete it and the Git tag (not a fan, tags are supposed to be immutable)
2. Delete it but leave the Git tag intact (seems fine but might leave people wondering "hey why does this tag have no release")
3. Delete it and replace the Git tag with an identical one, but annotated and with a message like "this release has been yanked" (seems ideal and most similar to what is happening in the registry, but technically violates the "tags are immutable" thing)
4. Only update the changelog (seems cool if we want to be safe and not touch Git tags)

Personally I think option 3 seems best. When replacing a tag with git push origin --tags --force, I don't think there is any chance of the tag being deleted and not replaced.

[fredrikekre]

Does anyone look at GH releases anyway? I think option 4 looks fine.