We allow users in the Next.js team to push directly canary in order to allow emergency fixes (and, AFAIU, some other things in GH workflows). This PR adds a guardrail to prevent absentminded people from doing it by accident, requiring a 'git push --no-verify' to bypass the hook.