Self-service Billing Account access for Self-Managed admins

Problem

Self-Managed instance admins face the same core problem as SaaS group Owners (tracked in #11389 (closed)): they may not be members of the Billing Account that owns the subscription associated with their instance — where the subscription is linked to the instance via the license applied to it — leaving them unable to manage their subscription or access features like the GitLab Credits Dashboard in the Customers Portal.

However, Self-Managed presents a fundamentally harder technical challenge. Unlike SaaS, where the Customers Portal can verify group ownership directly via the GitLab.com API, ownership information for Self-Managed instances lives on the customer's own instance - the Customers Portal has no direct access to it. This means we cannot reliably verify that a Customers Portal user is a legitimate admin of a given Self-Managed instance without additional signals or a purpose-built verification mechanism.

What We Need to Discover

Before proposing solutions, this issue should serve as a discovery spike to answer:

1. What signals does the Customers Portal currently have about Self-Managed instances? (e.g., subscription contact, license holder email, seat link data)
2. Could a token-based or email-domain verification flow be used to establish that a user is a legitimate admin of a given instance?
3. How does the Self-Managed instance call home to GitLab today (e.g., seat link, cloud licensing)? Could this channel carry ownership/admin signals?
4. What is the volume of Self-Managed customers affected relative to SaaS? Is the pain equally acute?

Relationship to SaaS Issue

This is a parallel problem to #11389 (closed) but requires separate discovery and a different technical approach. The SaaS solution should not be blocked on or conflated with this work.