Workflows: Extra security check in runners
We only want to run trusted pipelines for people in a GitLab group. While this will mostly be handled by [gitlab-org/gitlab#11934 (closed)] and requiring a manual trigger by a trusted contributor for public contributors, there's a chance that things go wrong (bad config, exploit, etc.). As a final check before actually running the code on the runners, we can check if the pipeline/job was actually triggered by a group member in pre_clone_script [https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section] and drop the job otherwise.
Acceptance criteria:
- Implement the security sanity check described above
- Send a notification if the check fails so we know about the problem and can work on fixing it.
JIRA ticket created by @veruu