ci: add workflow to restrict direct PRs to release branches

[knqyf263]

Description

Added workflow to prevent direct PRs to release branches (release/v*)

• Fails if PR is created by non-aqua-bot user
• Includes documentation link about the backporting process in error message

Tests

I confirmed this workflow correctly failed PRs from other than aqua-bot, but I didn't have a token of aqua-bot. I didn't have an idea to test it.
knqyf263#68

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a before and after example to the description (if the PR is a user interface change).

[knqyf263]

@DmitriyLewen Please let me know if you have an idea how to test it in the fork repository.

[DmitriyLewen]

@knqyf263 test run for aqua-bot user - https://github.com/aquasecurity/trivy-test/actions/runs/12761782228/job/35569284451?pr=22

But I found one problem - the release/v* branch must contain this workflow to start.
So perhaps we will want to create backport for this PR before v0.58.2.

[knqyf263]

I totally forgot about trivy-test 😨 Thanks for testing!

BTW, Itay found this setting in the branch protection.

But I didn't find the equivalent in the rulesets.

[knqyf263]

So perhaps we will want to create backport for this PR before v0.58.2.

I already kicked the release since some users are waiting for v0.58.2. We can test this workflow next time.

[DmitriyLewen]

I already kicked the release since some users are waiting for v0.58.2. We can test this workflow next time.

I suggest merging this PR anyway.
if we need to - we will move this PR to release/v0.58.
release/v0.59 will contain this fix anyway.