Control publication through GitLab permissions
Currently, we don't have forks, and can only grant users read or full write access to the repository, meaning that we can't make a distinction between core committers and regular contributors (a must for publically developped projects, such as Heptapod itself).
We need to tie the rights to publish changesets to the Master
role permission. This is mostly the same functionally as allowing the merge of MRs only to masters (or as if we protected all non-topic branches).
Work on this will involve both the Rails application (this projects) and Mercurial or hg-git.
Note: we can't use the protected branches settings at this point, because the GitLab frontend can't infer which branches will be affected by the current push.