Review and configure "Protected Branches" for all repos
As per feedback from @EorlBruder and @Roman: It might be wise to set main/master branches protected and only allow the DOCKER_HUB credentials to be used on such branches (security hardening). Hence Docker release will only be possible by users with the maintainer roles.