Buildbot - Protected Branches Stage 1: require testing

The first stage in having protected branches enabled for the Server is to configure Github to disallow pushes that have not passed our testing pipeline.

The green checkbox - ok to push - should come from buildbot.mariadb.org. As some builders can take a long time to run, we should use a subset of builders to perform a "smoke test".

Once the smoke test passes, only that specific commit hash can be pushed to the protected branch.

To make sense, Stage 1 would require New Buildbot to be mandatory. Otherwise, tests can be bypassed by merely running Old Buildbot.

This paves the way for Stage 2, which automates this process.

Implementing Stage 1 without the automation of Stage 2 causes developer frustration because the committer needs to babysit the buildbot process and can push only when the buildbot is completed green, after which someone may have made a conflicting commit which then restarts the need for the whole testing process.