pipelines-as-code
Disable `remember-ok-to-test` by default
When `/ok-to-test` is remembered, an external contributor can first gain trust with a reasonable code change and then push a malicious change aimed at the build system itself (e.g. secret exfiltration), without a maintainer re-approving the new commits.
To mitigate this risk, PAC should set `remember-ok-to-test` to false by default, and the documentation should highlight the risk. Installations that want the convenience would then have to explicitly set it to true, accepting the risk of that configuration.
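As an added illustration (not part of this issue or of the project's own manifests), the setting lives in the `pipelines-as-code` ConfigMap; the namespace below assumes the default install location, and the comments mark which value is the safe one. The first document shows the risky configuration, the second the hardened one that requires a fresh `/ok-to-test` for every new push from an external contributor:

```yaml
# Risky: one /ok-to-test approves every later push on the same PR.
# An approved contributor can append a commit that targets the build
# system and it will run without anyone looking at it again.
apiVersion: v1
kind: ConfigMap
metadata:
  name: pipelines-as-code
  namespace: pipelines-as-code   # assumed default install namespace
data:
  remember-ok-to-test: "true"
---
# Hardened: each new push from a non-trusted contributor needs a new
# /ok-to-test, so the second, malicious commit is reviewed before it runs.
apiVersion: v1
kind: ConfigMap
metadata:
  name: pipelines-as-code
  namespace: pipelines-as-code   # assumed default install namespace
data:
  remember-ok-to-test: "false"
```

To audit an existing installation, read the current value with `kubectl get configmap pipelines-as-code -n pipelines-as-code -o jsonpath='{.data.remember-ok-to-test}'`; an empty result means the key is unset and the controller's default applies, which is why this issue asks for that default to be false.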