root-signing-staging: Update branch protection

[jku]

The intention is that both "publish" and "main" branches can be pushed to by sigstore-bot. Currently this is not true for "publish" (although somehow it was until yesterday?)

Copy the settings so "publish" has the same ones as "main".

This fixes #449, should unblock sigstore/root-signing-staging#130. Note that I'm not sure why the issue appears now but I think it has to do with the pulumi issues we were having...

CC @kommendorkapten @haydentherapper

[github-actions[bot]]

:tropical_drink: preview on sigstore-github-sync/sigstore/github-prod

Pulumi report

``` Previewing update (sigstore/github-prod) View Live: https://app.pulumi.com/sigstore/sigstore-github-sync/github-prod/previews/ff14631d-eb6c-4a55-aa3c-b0f4c3a14a0e @ Previewing update.... pulumi:pulumi:Stack: (same) [urn=urn:pulumi:github-prod::sigstore-github-sync::pulumi:pulumi:Stack::sigstore-github-sync-github-prod] @ Previewing update.... ~ github:index/branchProtection:BranchProtection: (update) [id=BPR_kwDOKlCAEM4DA1SY] [urn=urn:pulumi:github-prod::sigstore-github-sync::github:index/branchProtection:BranchProtection::root-signing-staging-publish] [provider=urn:pulumi:github-prod::sigstore-github-sync::pulumi:providers:github::default_6_2_0::25aae923-754e-438f-8fef-788921b75628] ~ requiredPullRequestReviews: [ ~ [0]: { ~ dismissalRestrictions: [ + [0]: "T_kwDOBDzYIc4AhiMd" ] ~ pullRequestBypassers : [ + [0]: "MDQ6VXNlcjg2ODM3MzY5" ] } ] Resources: ~ 1 to update 586 unchanged ```

[jku]

I'll do this change manually since I seem to have the permissions: this PR is still relevant but not urgent

[haydentherapper]

@bobcallaway could this be a side effect of the manual branch protection changes we made to get syncing working again?

[bobcallaway]

@bobcallaway could this be a side effect of the manual branch protection changes we made to get syncing working again?

yes, totally possible.