Strengthen branch protections

I accidentally pushed to `main` directly for https://github.com/SciML/ADTypes.jl/commit/b7ba2870bde294c6834b6541a657901062a6aec2 and the repo didn't stop me. Perhaps we should add rules so that such pushes are impossible, even for people with the necessary permissions? There is one to require pull requests but we may need to tick the box that says it applies to all roles.