Feature request: Add project-level option to prevent tagged builds from being deleted

Description

In many environments, Git tags are considered sacred. We deliver binaries built from GitLab CI when tags are pushed. "Tagged builds" (i.e. builds triggered by Git tags) should be considered sacred as well.

Currently, it is simply too easy for "tagged" builds to be removed:

The "remove build" button is available on tagged builds
- I believe this is even enabled at the developer level.
It is difficult to enable artifact expiration while keeping tagged builds.
- One must split their build job into only: tags and except: tags parts
Because of the large disk space requirements, there are issues open for managing artifacts at a site-level. One must also consider tagged builds in these scenarios:
- https://gitlab.com/gitlab-org/gitlab-ce/issues/23366
- https://gitlab.com/gitlab-org/gitlab-ce/issues/18351
Tools that leverage the GitLab API could also accidentally remove tagged builds
- My tool, gitlab-artifact-cleanup specifically never removes tagged builds

I first raised this concern during the development of the artifact expiration feature: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4200#note_12118456. This behavior has been requested by a number of people:

Proposal

Add project-level option to prevent tagged builds from being deleted.

This option would, for tagged builds:

Override artifact expiration -- the build will never be deleted
Prevent users from clicking the "erase build" button
Prevent the build from being erased via the API
Prevent the build from being erased via any future "cleanup" admin tools

There may be a desire to override this feature, but only by project owners, and with extra confirmation.