Document more stuff for new GitLab projects

docs/new-gitlab-project.md

@@ -12,3 +12,10 @@ the "Developer" role. The idea is to let these people mostly manage their own pr
 4. If a project needs a secure runner to build trusted artifacts, coordinate with
 the rest of the DevOps team and if found to be reasonable, assign a secure runner
 to a protected branch of the project.
+5. Make sure that the Push Rules in https://gitlab.archlinux.org/archlinux/arch-boxes/-/settings/repository
+tick all of "Committer restriction", "Reject unsigned commits", "Do not allow
+users to remove tags with git push", "Check whether author is a GitLab user",
+"Prevent committing secrets to Git". All of these should be activated by
+default as per group rules but it's good to check.
+6. The Protected Branches in https://gitlab.archlinux.org/archlinux/arch-boxes/-/settings/repository
+should specify "Allowed to merge" and "Allowed to push" as "Developers + Maintainers."