Review access model and core committer access #221

Open
maxime-rainville opened this issue Apr 11, 2024 · 0 comments
maxime-rainville commented Apr 11, 2024

There are about a dozen core committers on the Silverstripe CMS project. They all have owner access on the silverstripe GitHub org. This exposes us to a level of risk, since if any one of those people got their account stolen or went rogue on us, they could do a lot of damage.

In practice, core committers don't need this level of access to do their day-to-day work.

We're also keen to implement branch protection to disallow direct pushes and manual tagging. With the introduction of automated merge-ups and tagging, the only people needing this level of access are people debugging merge-ups or doing releases.

User story

As the Silverstripe CMS product owner, I want to restrict privileges to those actually needed by contributors to perform their function, to minimise the risk of illegitimate access.

Acceptance criteria

  • Core Committer doc is updated to clarify the level of access core committers have. Doc should say:
    • All core committers have write and merge access on all supported repos.
    • A limited number of core committers have ownership rights on the GitHub organisation.
    • At least two Silverstripe staff members and two core committers outside Silverstripe have ownership-level access.
      • Ideally, at least one person living outside New Zealand has ownership access.
  • The @silverstripe/core-team is updated to have an appropriate description and permissions.
  • Members who will assume the ownership role are agreed upon and access is updated accordingly.
