Review process for container security analyzers
As part of the ~"group::container security" 14.5 retrospective, we discussed maintainership rules for our analyzers.
One proposal, copied below, was written in the comments, and we're looking for feedback from the team before implementing it.
Proposal
@mparuszewski: We need to quickly develop that process to make sure we have at least 2 maintainers for each project.
Perhaps we should configure Merge Request Approvals in a way that will allow us to ensure that we will not introduce any regression, WDYT?
@bwill: We could update the protected branch settings to allow people from our group to continue to accept merge requests, but begin following the process where we ask the maintainer to do the final review and accept the MR.