GitHub's remote response when pushing a branch already provides a shortcut to create a PR, and even warns about dependabot alerts, or even rejects pushing due to branch protection and secret scanning:

> git push -u origin digitarald/branchy

Create a pull request for 'digitarald/branchy' on GitHub by visiting:        
     https://github.com/…/pull/new/digitarald/branchy   

GitHub found 153 vulnerabilities on …'s default branch (3 critical, 29 high, 118 moderate, 3 low). To find out more, visit:        
     https://github.com/…/security/dependabot

When users push with VS Code, this information is lost (or at least buried in git output).

Ideas (there might be other responses I am not aware of)

1. Branch protection: GitHub - Handle GitHub's branch protection push errors #169779
2. Secret scanning: Handle GitHub's Secret Scanning Push Protection #169355
3. Create PR: Create a PR after pushing a remote branch #169776
4. Security Alerts: Potential for a security extension.