Import via git protocol allows bypassing checks on repository
Problem
When pushing to GitLab via the git protocol, certain checks are in place to stop people from pushing or committing "dangerous" things, such as branch names that look like commit hashes (40 hex characters) or files like `.git/config` within a repository.
The UI also doesn't allow creating such branches or files.
However, when importing a repository via the `git://` protocol those checks are not enforced, and such odd repositories can be created.
As a proof of concept I've imported such a repo to gitlab.com; the branches can be seen at https://gitlab.com/gitlab-com/gl-security/security-research/branchname40hex/-/branches
A repository which contains a `.git` directory can also be imported that way; I've only verified this locally.
Proposed solution
The same checks that are applied to normal push operations should also be applied to imports via the `git://` protocol. This includes a `git fsck` to catch, for instance, `.git` directories, and the `prohibited_branch_checks` in `lib/gitlab/checks/branch_check.rb`.
cc @gitlab-com/gl-security/appsec for initial triage and @nmalcolm as the SC for devopsmanage groupimport
This issue is part of a two-step solution:
- Ensure that `git fsck` is applied after importing projects via the `git://` protocol (out of scope here; will be implemented by groupgitaly via https://gitlab.com/gitlab-org/gitaly/-/issues/4323)
- Ensure that we run a clean-up task after the import is completed to delete all prohibited branches (this issue)
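To make the two classes of prohibited content concrete, here is an added illustration in Ruby, written for this page and not code from GitLab or Gitaly: a branch-name test that rejects names made of exactly 40 hex characters (what the push-time `prohibited_branch_checks` stop, since such a name is indistinguishable from a SHA-1 commit id when a revision is resolved), and a tree-path test that rejects any path with a `.git` component (what `git fsck`'s hasDotgit check flags, matched case-insensitively as git does). Both are packaged as filters a post-import clean-up task could run over a list of branch names and tree paths. The function names, the regex, and the sample inputs are assumptions made for this example.

```ruby
# Added illustration (not GitLab's or Gitaly's code): the two kinds of
# "dangerous" content the issue describes, as pure functions a post-import
# clean-up task could reuse. Names, regex and sample data are assumptions.

# A branch name consisting of exactly 40 hex characters looks like a SHA-1
# commit id, so `git checkout <name>` or any revision lookup becomes
# ambiguous. Push-time checks reject such names; imports must as well.
COMMIT_HASH_LIKE = /\A\h{40}\z/.freeze

def prohibited_branch?(name)
  name.match?(COMMIT_HASH_LIKE)
end

# A tree entry with a ".git" path component (".git/config",
# "sub/.git/hooks/post-checkout") is rejected by git's fsck checks when
# receive.fsckObjects is on, because checking it out would let the
# repository overwrite the clone's own config or hooks. git matches the
# component case-insensitively, so ".Git" and ".GIT" are caught too.
def prohibited_path?(path)
  path.split("/").any? { |component| component.casecmp?(".git") }
end

# Subset of branch names a clean-up task should delete after an import
# that bypassed the push-time checks.
def prohibited_branches(branch_names)
  branch_names.select { |name| prohibited_branch?(name) }
end

# Tree paths (one per string, as `git ls-tree -r --name-only` prints them)
# that a post-import git fsck would flag.
def prohibited_paths(paths)
  paths.select { |path| prohibited_path?(path) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input; not taken from the repository linked above.
  branches = [
    "main",
    "feature/login",
    "0123456789abcdef0123456789abcdef01234567", # hash-like: delete
    "deadbeef"                                  # hex but too short: keep
  ]
  paths = [
    "README.md",
    ".git/config",                  # flagged
    "src/.GIT/hooks/post-checkout", # flagged (case-insensitive)
    "docs/git/usage.md",            # "git" without the dot: fine
    ".gitignore"                    # not a ".git" component: fine
  ]
  puts "branches to delete: #{prohibited_branches(branches).inspect}"
  puts "paths fsck would reject: #{prohibited_paths(paths).inspect}"
end
```

The branch filter is intentionally exact-length: a 39- or 41-character hex name is not ambiguous with a full SHA-1 and is left alone, matching the "40 hex characters" rule the issue states. The path filter operates on whole components, so `.gitignore` and `docs/git/usage.md` pass while any directory literally named `.git`, at any depth, is rejected.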