Option to require maintainer approval before preview deployments

[TheDanniCraft]

Currently, preview deployments are triggered automatically for all pull requests.
This can be a security concern when non-maintainers open PRs, since preview builds may expose environment variables (e.g., if a contributor intentionally outputs process.env values on a api route).

Proposed behavior:

• If a maintainer opens a PR → preview deployment runs automatically.
• If a non-maintainer opens a PR → preview deployment is paused until a maintainer explicitly approves it.

This would help prevent accidental or malicious exposure of sensitive data while still keeping previews convenient for trusted maintainers.

Use case example:

1. External contributor opens a PR.
2. The code contains logic that dumps environment variables.
3. Without approval gating, a preview deployment would run and expose those variables.
4. With approval gating, the deployment is paused until a maintainer reviews and approves it.

This feature would add a valuable layer of security for projects that rely on preview deployments.

[gltched-usr]

+1 I think this actually is a huge security risk

[andrasbacsai]

created an issue of this: #6546