Permanently mask variables in webgui.

Problem to solve

Variables are exposed in the GUI today, for some variables this is OK but in some cases these are sensitive variables and there is no need to see them in the GUI once they have been entered.

Further details

Use case:

• Create variable
• Select "permanently mask" option, perhaps with a fancier name
• Save Variable
• Once variable is saved GitLab should never allow retrieval of the value outside the CI scope (Web GUI, REST API)

Proposal

Allow users to permanently mask variables.

What does success look like, and how can we measure that?

Internally we would measure this in adoption rate from other tooling to GitLab CI where this has been identified as an obstacle.