Allow configurable filter of files to watch

[dontcallmedom]

In general, only a subset of the files in a repo can contain normative content.

The repo manager should be configurable to ignore files that never contain normative content (possibly with a default list including README, CONTRIBUTING, etc...) to reduce false negatives.

[dontcallmedom]

Some design considerations:

• it could be managed in the repo manager db, or in the repository itself via dot-file
• maybe RegExp would be too risky (in that they may accidentally make us ignore files that should not be, e.g. new files); a collection of paths where one can ignore whole directories at once is probably safer
• not sure how this affects "ambiguous" content (e.g. explainers - they don't go on the Rec track and are not normative, but do have strong influence on normative content)

[tripu]

I thought for a moment of reusing the new meta file .github/CODEOWNERS with a special bogus username w3c-repo-manager for this purpose, like so:

*          @w3c-repo-manager         # By default, everything's normative
                                     # and is “watched”

f2f/       @Alice                    # Non-normative files
how-to.md  @Bob

spec/      @Alice @w3c-repo-manager  # Keep it normative,
                                     # and also assign PRs to specific users

But it is cumbersome, and Ash-Nazg would have to parse this file and apply some logic to paths and regexes…

[dontcallmedom]

A good way to start might be to whitelist files that are more or less guaranteed to not be IPR-relevant (e.g. package.json, package-lock.json). This would among other things let us more easily ignore bots who manage automatic updates to the software parts of repos, e.g. https://github.com/w3c/webappsec-trusted-types/pull/273