You could set up some hardcoded rules so that the PR is never merged without human review if it touches the GitHub Actions.

You could, but it would be mad to skip the code review because it "only" touches customer-facing code rather than GHA.