Respect protected branches for manual actions

Description

We should make sure that permissions for manual actions aligns with expectations of developers, especially for protect branches.

Proposal

Treat manual actions like a repo write.

Example: If the master branch is protected, only people with full permission to that branch can trigger a manual action on that branch.

UX

Hiding any controls to whom is not allowed to

Show the action as disabled, and clearly let the user know why they can't do it with a tooltip.

Tooltip should state: Action not possible due to protected branch

Links

• From https://gitlab.com/gitlab-org/gitlab-ce/issues/17010#note_13272378
• Master issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/21911

Documentation blurb

Manual actions now require the same permissions as a repository write, allowing control over who can trigger manual actions. For example, triggering a manual deploy job to production from the master branch can now be restricted to a narrower set of users with access to commit.