However, I cannot use it in my production environment as this returns NODATA globally (all views) for security.ubuntu.com.

I have several views not using dns64 for which the AAAA record should be the existing original answer.

While on Lua level it's not ergonomic, tags are supported in these APIs, so you can do a tiny change, e.g.:

lua:
  policy-script: |
    assert(C.kr_rule_local_data_ins(
      kres.rrset(kres.str2dname('security.ubuntu.com.'), kres.type.AAAA, nil, C.KR_RULE_TTL_DEFAULT),
      nil, policy.get_tagset({'myTag'}), C.KR_RULE_OPTS_DEFAULT
    ) == 0) 

and then you just need to add myTag to the views where you want to apply this rule (in YAML).

You can read more about tags and views in the docs, around page
https://www.knot-resolver.cz/documentation/latest/config-policy-new.html