docs/batches: Document batchChanges.restrictMergeToAdmins setting

Adds documentation for the new batchChanges.restrictMergeToAdmins site config
option which restricts merge and auto-merge actions to site admins only. This is
useful when using the Batch Changes GitHub App with elevated access, where the
App may have write permissions to repositories that individual users do not.

See sourcegraph/sourcegraph#9559

Note: This PR should only be merged once Sourcegraph 6.13 is released.
Amp-Thread-ID: https://ampcode.com/threads/T-019c2344-7386-702e-8b12-7ec2de618f53
Co-authored-by: Amp <amp@ampcode.com>

Author: keegancsmith

docs/admin/config/batch-changes.mdx

@@ -10,6 +10,18 @@ Batch Changes is [RBAC-enabled](/admin/access-control/) <span class="badge badge
 
 By default, only a batch change's author or a site admin can administer (apply, close, rename, etc.) a batch change. However, admins can use [organizations](/admin/organizations) to facilitate closer collaboration and shared administrative control over batch changes by enabling the `orgs.allMembersBatchChangesAdmin` setting for an organization. When enabled, members of the organization will be able to administer all batch changes created in that organization's namespace. Batch changes created in other namespaces (user or organization) will still be restricted to the author and site admins.
 
+### Restrict merge actions to site admins
+
+When using the [Batch Changes GitHub App](#commit-signing-with-github-apps) with elevated access, the App may have write access to repositories that individual users do not. To restrict who can merge changesets via the Batch Changes UI, set the `batchChanges.restrictMergeToAdmins` site configuration option to `true`:
+
+```json
+{
+	"batchChanges.restrictMergeToAdmins": true
+}
+```
+
+When enabled, only site admins can use the "Merge changesets" and "Enable auto-merge" actions. Non-admin users will receive an error message directing them to contact a site admin.
+
 ## Rollout windows
 
 By default, Sourcegraph attempts to reconcile (create, update, or close) changesets as quickly as the rate limits on the code host allow. This can result in CI systems being overwhelmed if hundreds or thousands of changesets are being handled as part of a single batch change.

docs/admin/config/site-config.mdx

@@ -79,6 +79,9 @@ All site configuration options and their default values are shown below.
 	// Reject unverified commits when creating a Batch Change
 	"batchChanges.rejectUnverifiedCommit": false,
 
+	// When enabled, only site admins can merge changesets or enable auto-merge via the Batch Changes UI.
+	"batchChanges.restrictMergeToAdmins": false,
+
 	// When enabled, only site admins can create and apply batch changes.
 	"batchChanges.restrictToAdmins": false,
 

docs/batch-changes/permissions-in-batch-changes.mdx

@@ -90,3 +90,9 @@ A site admin can disable Batch Changes for a Sourcegraph instance by setting the
 ## Disabling Batch Changes for non-site-admin users
 
 A site admin can disable batch changes for regular users by setting the [site configuration](/admin/config/site-config) property `"batch-changes.restrictToAdmins"` to `true`.
+
+## Restricting merge actions to site admins
+
+When using the [Batch Changes GitHub App](/admin/config/batch-changes#commit-signing-with-github-apps) with elevated access, the App may have write access to repositories that individual users do not. To prevent non-admin users from merging changesets through the Batch Changes UI in repositories they wouldn't normally have merge permissions for, a site admin can set the [site configuration](/admin/config/site-config) property `"batchChanges.restrictMergeToAdmins"` to `true`.
+
+When enabled, only site admins can use the "Merge changesets" and "Enable auto-merge" actions. Non-admin users will see an error directing them to contact a site admin to perform these actions.