Protect main branch

[ekuiter]

There's a lot of rules we can set here.

For now, I created a ruleset that heavily restricts how we can interact with the main branch, with the following rules:

• pushes to main are not allowed (enforcing the use of branches)
• force pushes to main are not allowed (this is a separate rule to the first one)
• no linear history is required (so merges, squashes, and rebases are all allowed, I don't think we need to restrict that)
• we do not require signed commits (it's overkill)
• merges are only possible when there is an associated pull request
  • this pull request needs to have least one approving review before allowing the merge
  • you cannot review your own pull request
  • all comments must be resolved before allowing the merge
  • if new changes are added to a pull request, a re-review is not necessary (these are options that are not documented very well and have many edge cases)
• CI is required to pass before allowing the merge

We can discuss here (or just try out for a while) whether that is too restrictive, I set the rules subjectively. We can also set specific people who can bypass these restrictions, if necessary.