
All long-term branches should be covered by a branch protection rule

Open trask opened this issue 6 months ago • 1 comments

I think it's uncontroversial that all long-term branches should be covered by a branch protection rule, e.g. to at least ensure the branch cannot be accidentally deleted or force pushed to.

Different repos have different naming conventions for long-term branch names, which makes this hard to audit and mitigate issues with unprotected long-term branches.

So instead I wrote a script to report all branches that aren't covered by any branch protection (other than the fallback **/** branch protection), which seems to be pretty close to what we want, other than a lot of old temporary branches that maybe should get cleaned up anyways(?).

(note: the **/** branch protection rule actually "helps" us in this effort since it has forced us to create separate branch protection rules for renovate/**/*, etc)

I'm planning to automatically create per-repo issues with the list of unprotected branches in that repo and reference back to this issue for further discussion / assistance.

I think once all branches are covered by a branch protection rule (other than the fallback **/**), we can (and should) allow deletions on the fallback **/** branch protection, which should alleviate an existing pain point.

trask, May 20 '25 22:05

To start with, I had the script open issues only on repos with less than 5 branches that weren't protected by branch protection rules.

trask, May 21 '25 14:05
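The report described in the opening post, with the fewer-than-5 threshold from the follow-up comment, as an added Ruby example that is not trask's script or the project's code. It assumes GitHub's documented matching for branch protection patterns (Ruby `File.fnmatch` with `File::FNM_PATHNAME`); the repo names, rules and branches are constructed, and the function names are hypothetical.

```ruby
# Added example: not the script from the issue. All repo data is constructed.
FALLBACK = '**/**'

# GitHub documents branch protection patterns as File.fnmatch with
# FNM_PATHNAME, so '*' stops at '/' and '**/' spans directory levels.
def covering_rules(branch, patterns)
  patterns.select { |pat| File.fnmatch(pat, branch, File::FNM_PATHNAME) }
end

# Branches that no rule other than the fallback covers (hypothetical helper).
def unprotected_branches(branches, patterns, fallback: FALLBACK)
  specific = patterns - [fallback]
  branches.select { |b| covering_rules(b, specific).empty? }
end

# Per-repo report; open_issue mirrors the "less than 5" rule from the thread.
def report(repos, max_for_issue: 5)
  repos.map do |name, data|
    missing = unprotected_branches(data[:branches], data[:rules])
    { repo: name, unprotected: missing,
      open_issue: !missing.empty? && missing.size < max_for_issue }
  end
end

REPOS = {
  'example-org/repo-a' => {
    rules: ['main', 'release/*', 'renovate/**/*', '**/**'],
    branches: ['main', 'release/v1.2.x', 'release/v1/hotfix',
               'renovate/npm/lodash-4.x', 'gh-pages', 'old-experiment']
  },
  'example-org/repo-b' => {
    rules: ['main', '**/**'],
    branches: ['main'] + (1..6).map { |i| "tmp-#{i}" }
  }
}.freeze

report(REPOS).each do |r|
  puts "#{r[:repo]}: #{r[:unprotected].size} unprotected, open issue: #{r[:open_issue]}"
  r[:unprotected].each { |b| puts "  - #{b}" }
end
```

In the constructed data, `release/v1/hotfix` is reported because `release/*` does not match across the second `/`, so only the fallback covers it.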