Block back-merges of later release branches to earlier releases

In our release meeting in Brussels, we talked about blocking back-merges, where a merge is based on a later release branch, but it gets merged to an earlier branch: https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsNetworkTeam/Notes/StableMaintainer#ActionItems

Our merge workflow is typically:

  • base the bugfix branch on the maint branch for the earliest possible backport release
  • merge the bugfix branch to master (or alpha and master)
  • test for a while
  • merge the bugfix branch to an earlier release, then merge forward to master
  • merge maint-* into release-* for each release series

So I'm not sure exactly how we can limit ourselves to just these merges. Here are some ideas:

  • Count the commits, and put a limit on the number of commits
  • Keep an ordered list of releases, and check that:
    • maint: merged branches are based on this maint release, or an earlier maint release
    • release: merged branches are based on the same maint release
  • Is there some neat trick that I'm missing?
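
One way to implement the ordered-list check for maint branches, as an added example that is not part of the original ticket or of Tor's own hooks: a POSIX shell function that rejects a merge when the candidate's first-parent history contains mainline commits of a later branch. It assumes merges are made with `--no-ff` and that each maint branch is merged forward into the next; the function name `check_merge` and the branch names in `RELEASES` are hypothetical.

```shell
#!/bin/sh
# Added example, not Tor's hook. Branch names are constructed; list the
# release branches earliest first.
RELEASES="${RELEASES:-maint-0.3.5 maint-0.4.0 master}"

# check_merge TARGET CANDIDATE
# Returns 0 if CANDIDATE may be merged into TARGET, 1 if CANDIDATE is based
# on a branch later than TARGET, 2 if TARGET is unknown or git fails.
check_merge() {
    target=$1 cand=$2 seen=0
    for branch in $RELEASES; do
        if [ "$branch" = "$target" ]; then seen=1; continue; fi
        [ "$seen" -eq 1 ] || continue   # only branches later than TARGET

        # Mainline (first-parent) commits of the later branch that TARGET
        # does not have. A bugfix branch that was already merged into the
        # later branch with --no-ff is NOT on this chain: it came in as the
        # merge commit's second parent, so merging it backwards stays legal.
        later_chain=$(git rev-list --first-parent "$branch" "^$target") || return 2
        [ -n "$later_chain" ] || continue

        # If the candidate's own first-parent chain walks through any of
        # those commits, it was forked from the later branch.
        if git rev-list --first-parent "$cand" "^$target" |
                grep -qxF -e "$later_chain"; then
            echo "back-merge: $cand contains mainline commits of $branch," \
                 "which is later than $target" >&2
            return 1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "unknown target: $target" >&2; return 2; }
    return 0
}
```

A fast-forward merge into a later branch puts the bugfix commits on that branch's first-parent chain, so the check would then reject a legitimate backport.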