ci: add job to check PR label requirements

.github/workflows/labels.yml

@@ -0,0 +1,19 @@
+name: Check labels
+
+on:
+  pull_request:
+    branches:
+      - '*'  # Trigger on all branches for pull requests
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+
+jobs:
+  require-challenge:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: mheap/github-action-required-labels@5847eef68201219cf0a4643ea7be61e77837bbce # v5.4.1
+        with:
+          mode: exactly
+          count: 1
+          labels: "challenged"
+          add_comment: true
+          message: "This PR cannot be merged yet because a required label is missing: `{{ provided }}`. It needs to be added before this PR can be merged."