How do you handle patches which should be installed asap on all systems / stages?
I would have to publish a new version of the regarding content views and promote all stages to the same version in order to have the security-patched packets available?
What you are looking for are the so called incremental content views which are created when you want to have an errata installed on all systems without the full staging process.
This should be the subsection of the documentation for this workflow, but you should probably read the whole section if something is unclear: Content Management Guide
Yes, unfortunately CentOS does not provide the updateinfo metadata in their repositories.
I have not needed it in a while, but from different threads here I had the impression that it was working again with pulp 3. But I think @iballou will know this for sure.
But while the GUI has the workflow only implemented for erratas, using the API it is also possible for packages. So this could be a workaround if errata support for an OS is not available.
The more convenient way to handle emergency updates is with the incremental update feature. You can add errata or RPMs from main repositories to content view versions directly with it. It will create a “point-release” of the content view version with your added content.