
[chore:security] Enable branch protection on main requiring CODEOWNERS review #23

@JacobPEvans-personal

Description


Background

PR #20 added .github/CODEOWNERS requiring @JacobPEvans review on routines/**, the deploy skill, CLAUDE.md, and CODEOWNERS itself. The CODEOWNERS file is half of the control — the other half is branch protection requiring CODEOWNERS review on PRs targeting main.

Request

Enable branch protection on main with:

  • Require pull request reviews before merging.
  • Require review from Code Owners.
  • Dismiss stale pull request approvals when new commits are pushed.
  • Restrict who can push to matching branches (no direct pushes to main).

This requires the gh-claude-admin token tier (per CLAUDE.local.md token-tier system) — admin-tier work that Claude cannot do from a RESTRICTED session.

# Run from a gh-claude-admin session
gh api repos/JacobPEvans/claude-code-routines/branches/main/protection \
  -X PUT --input - <<'PROTECTION'
{
  "required_status_checks": null,
  "enforce_admins": false,
  "required_pull_request_reviews": {
    "dismiss_stale_reviews": true,
    "require_code_owner_reviews": true,
    "required_approving_review_count": 1
  },
  "restrictions": null,
  "required_linear_history": false,
  "allow_force_pushes": false,
  "allow_deletions": false
}
PROTECTION
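As an added verification step (example code, not part of the issue or the repository): after the PUT above, a small Python audit of the JSON that `gh api repos/OWNER/REPO/branches/main/protection` prints confirms the requested settings actually took effect. It assumes the GET response wraps flags such as enforce_admins as {"enabled": bool}, whereas the PUT body uses bare booleans, and it flags enforce_admins=false, which leaves repository admins able to bypass the review gate.

```python
import json

# Policy mirrors the PUT body in the issue above (constructed checker, not project code).
REVIEW_POLICY = {"dismiss_stale_reviews": True, "require_code_owner_reviews": True,
                 "required_approving_review_count": 1}  # count is treated as a minimum
BRANCH_POLICY = {"allow_force_pushes": False, "allow_deletions": False}

def enabled(value):
    """GET responses wrap flags as {"enabled": bool}; PUT bodies use bare bools. Normalise both."""
    if isinstance(value, dict):
        return value.get("enabled")
    return value if isinstance(value, bool) else None

def audit_protection(protection):
    """Return findings for one branch-protection object; an empty list means the policy holds."""
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if not isinstance(reviews, dict):
        findings.append("required_pull_request_reviews: missing (PRs can merge unreviewed)")
    else:
        for key, expected in REVIEW_POLICY.items():
            actual = reviews.get(key)
            if key == "required_approving_review_count":
                ok = isinstance(actual, int) and actual >= expected
            else:
                ok = actual is expected
            if not ok:
                findings.append(f"required_pull_request_reviews.{key}: {actual!r} (expected {expected!r})")
    for key, expected in BRANCH_POLICY.items():
        actual = enabled(protection.get(key))
        if actual is not expected:
            findings.append(f"{key}: {actual!r} (expected {expected!r})")
    # enforce_admins=false, as in the issue's own request, lets repository admins bypass every rule above.
    if enabled(protection.get("enforce_admins")) is not True:
        findings.append("enforce_admins: off (admins can bypass the review gate)")
    return findings

def audit_json(text):
    """Audit the raw JSON printed by `gh api repos/OWNER/REPO/branches/main/protection`."""
    return audit_protection(json.loads(text))

# Constructed sample in the GET-response shape (not captured from the real repository).
SAMPLE_GET = json.dumps({
    "required_pull_request_reviews": {"dismiss_stale_reviews": True, "require_code_owner_reviews": True,
                                      "required_approving_review_count": 1},
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": False}, "allow_deletions": {"enabled": False},
})
```

Run it against the real output with `gh api repos/OWNER/REPO/branches/main/protection | python3 -c 'import sys, audit; print(audit.audit_json(sys.stdin.read()))'` (module name assumed); an empty list means every requested setting is in place.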

Why now

Per security-auditor review finding #8 (prompt poisoning blast radius): "A malicious PR to routines/distributor.prompt.md gets reviewed, merged, then the next time the user runs the deploy skill, Claude reads the post-merge file and pushes it to cloud." CODEOWNERS + branch protection is the gate.

Provenance
