Remove the requirement for marking security MRs as WIP
Currently security MRs are marked as WIP to prevent accidental merging. Unfortunately, WIP is a hack because they aren't actually a work in progress, they're done. Instead of using this setup, we should use protected branches to ensure only RMs and @gitlab-bot can merge into the appropriate branches.
To do this, we need to give the following people/groups access:
- @gitlab-bot
- @gitlab-org/release/managers
This more or less depends on https://gitlab.com/gitlab-org/release/framework/issues/165, as without that RMs might still merge changes by accident.
Edited by Yorick Peterse