feat: add git pre-push hook to prevent direct pushes to protected branches

This commit introduces a pre-push Git hook that prevents direct
pushes to the `main` and `dev` branches. This enforces the use of
pull requests for merging changes into these protected branches,
promoting code review and maintaining branch stability.

The changes include:
- Adding a `install-git-hooks` target to the Makefile to symlink
 the pre-push script into the `.git/hooks/` directory.
- Creating the `scripts/git-hooks/pre-push` script that checks the
 target branch and aborts the push if it matches a protected branch.
- Updating the `CONTRIBUTING.md` file to instruct developers to
 install the Git hooks after setting up their development
 environment.

scripts/git-hooks/pre-push

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# --- Protected Branches ---
+PROTECTED_BRANCHES="^(main|dev)$"
+
+# Read stdin to get push details
+while read local_ref local_sha remote_ref remote_sha; do
+    # Extract the branch name from the remote ref (e.g., refs/heads/branch-name)
+    branch_name=$(echo "$remote_ref" | sed 's!refs/heads/!!')
+
+    # Check if the pushed branch matches our protected branches
+    if echo "$branch_name" | grep -qE "$PROTECTED_BRANCHES"; then
+        echo "----------------------------------------------------------------"
+        echo "❌ ERROR: Direct pushes to the '$branch_name' branch are forbidden."
+        echo "Please use a pull request to merge your changes."
+        echo "----------------------------------------------------------------"
+        exit 1 # Abort the push
+    fi
+done
+
+exit 0 # Allow the push