Update stable branches permissions when a new version is released

Context

Extend the maintenance policy to account for th... (&971 - closed) will extend the maintenance policy to align the bug fix with the security policy, that is, maintainers will be able to self-serve on bug fixes for the last three versions.

Whenever a new stable version of GitLab is released, protected branch settings are updated to allow GitLab maintainers to merge into the current stable version ( via monthly_release_finalize:update_protected_branches job on the monthly release pipeline). This job needs to be updated to account for the last three versions

Proposal: Update stable branches' permissions when a new version is released.

On the release day (3rd Thursday of the month), when a new version is published to customers, the stable branch and the two previous versions should be opened to maintainers; branches outside the policy should be limited to release managers only.

Examples:

• 2025-05-15 - 18.0 is released
  • 18.0, 17.11, and 17.10 are open to maintainers
  • 17.9 and below are limited to release managers
• 2025-06-19 - 18.1 is released
  • 18.1, 18.0 and 17.11 are open to maintainers
  • 17.10 and below are limited to release managers.

Exit criteria

• The monthly_release_finalize:update_protected_branches is updated to account for three versions
• The monthly_release_finalize:update_protected_branches limits access to stable branches outside the policy
• Updates to the monthly_release_finalize:update_protected_branches are under a feature flag.