Add option to allow developer push if there are no branches

What does this MR do and why?

This MR introduces new default branch protection setting "Fully protected after initial push" which allow user with Developer role to perform one-time push to empty repository

Screenshots or screen recordings

https://www.youtube.com/watch?v=Vbl-C8CQ8Q4

How to set up and validate locally

1. Pick a group, we will be using Commit451 as an example
2. Open group settings -> repository (/groups/Commit451/-/settings/repository)
3. Set default branch protection level to Fully protected after initial push and save it
4. Ensure that group allows Developer to create new projects
5. Pick or create user, which has is not and admin and has Developer permission to this group.
6. As this user (either by logging in or using impersonation) create new empty project. Ensure that initialize with README is unchecked - you need project with no branches
7. As this user clone repository, create first commit & perform push to this repository. It should complete ok
8. Make second commit & push. It should fail, because repository is fully protected now _

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

Related to #374003 (closed)