Repo Checks: Remove team maintainer role when team grants repo access

[kdmccormick]

Okay, this is more of a "team check" than a "repo check", but we can probably figure that out.

Background: Having the "maintainer" role on a team means that you can add or remove folks from the team. For teams that grant repo access, this means that the maintainer has the ability to escalate anyone's repository privileges to at least whatever the team grants. We don't want this, because we need all repo access changes to go through Axim. For teams that don't grant any repo access, it is fine (even good) for team members to have the maintainer role so that they can manage the team themselves.

### Tasks
- [ ] Create the idea of a "team check" in repo_checks
- [ ] Write a team check that says IF a team grants repo access, ENSURE that it has no maintainers
- [ ] Apply the check to all teams