added default branch protection script.

.github/README.md

@@ -0,0 +1,11 @@
+# Github
+
+## Branch Protection Rules
+
+This will create the default branch protection rules using github API.
+
+```
+./branch-protection.sh $reponame $PAT
+```
+
+PAT must have `administration:write`. https://docs.github.com/en/rest/repos/rules?apiVersion=2022-11-28#create-a-repository-ruleset

.github/branch-protection.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+curl --location "https://api.github.com/repos/NHSDigital/$1/rulesets" \
+--header 'X-GitHub-Api-Version: 2022-11-28' \
+--header 'Accept: application/vnd.github+json' \
+--header "Authorization: Bearer $2" \
+--header 'Content-Type: application/json' \
+--data '{
+    "name": "nhs-notify-default",
+    "target": "branch",
+    "enforcement": "active",
+    "conditions": {
+        "ref_name": {
+            "exclude": [],
+            "include": [
+                "~DEFAULT_BRANCH"
+            ]
+        }
+    },
+    "rules": [
+        {
+            "type": "deletion"
+        },
+        {
+            "type": "non_fast_forward"
+        },
+        {
+            "type": "required_signatures"
+        },
+        {
+            "type": "pull_request",
+            "parameters": {
+                "required_approving_review_count": 1,
+                "dismiss_stale_reviews_on_push": true,
+                "require_code_owner_review": true,
+                "require_last_push_approval": true,
+                "required_review_thread_resolution": true
+            }
+        }
+    ]
+}'