Set up branch protection for 'gh-pages' branch

[tobous]

As the gh-pages branch should only be used to deploy our website build artifacts, it would be nice to set up some sort of branch protection ensuring that the branch is not deleted or pushed to by anyone besides the build job.

A basic setup for this would be possible through the use of branch protection, which ensure that the branch could not be deleted. As the branch is updated using force-pushing, we would have to allow it for the build job to function. This should, however, not be an issue as branch protection offers an option to restrict who can push to the branch.

The big question now is to whom the push as part of the build action is attributed. If it is the person that created/merged the PR, this approach is not an option. If this would be some internal github default user or the user were configurable (e.g. we could set to to be saros-infrastructure), this approach should be usable.