Remove suggestion of using protected branches as vulnerability tracked by default

The following discussion from !12117 (merged) should be addressed:

• @theoretick started a discussion: (+1 comment)

  issue non-blocking: AFAICT there are no limit to protected branches and given you can do scary things like use wildcards, we'll certainly need to limit this further too. Unfortunately, if you have 100 protected branches I don't know if a good way we could choose which 10 to track, so I don't know if we can actually rely on this long-term without requiring more granular control

Per the conversation, it's clear that tracking vulnerabilities across all protected branches may be risky. This may simply be something we don't want to do, or could think of other sensible defaults.

Perhaps the first X protected branches, and not including wildcards?