Prevent any direct push to master

ZenDesk: https://gitlab.zendesk.com/agent/tickets/25421

User

What we would like to set up is:

1. No one (regardless of other permission levels) can push directly to master branch; everyone must have their code reviewed
2. Team members are all able to provide these approvals and accept merge requests to master

If we set a user as a Developer, they have 1 but not 2 (can't push to master/protected branches but also can't accept a merge request); if we set a user as Master, then they have 2 but not 1 (can accept merge requests to master but could also, perhaps accidentally, push directly to master).

Seems we can resolve this by adding a project setting that prevents any push to master.

cc/ @JobV