Deploy key with write access can force push a protected branch
Summary
A deploy key with write access can force push a protected branch.
Steps to reproduce
- Set up a deploy key with write access in a non-empty repository.
- Make sure (e.g.) the `master` branch is protected (e.g. merge/push restricted to maintainer).
- Amend a commit.
- Force push the diverged `master` using the deploy key with write access.
Example Project
(Not project specific.)
What is the current bug behavior?
Branch is force-updated despite protection.
What is the expected correct behavior?
Forced push to protected branch should be denied.
Relevant logs and/or screenshots
(None.)
Output of checks
Observed both on GitLab.com and a hosted GitLab instance.
Results of GitLab environment info
(n/a)
Results of GitLab application Check
(n/a)
Possible fixes
No known fix.
Edited by Claas Augner
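
The expected behavior from the report, reproduced locally as an added example that is not part of the original issue and is not GitLab's implementation: a bare repository stands in for the server, and a hypothetical pre-receive hook stands in for branch protection, refusing the amended, force-pushed `master`. It assumes `git` is installed; the function names, paths and commit contents are constructed for the demo.

```shell
#!/bin/sh
# Constructed local demo: a bare repository stands in for the server, and a
# pre-receive hook stands in for branch protection (assumption, not GitLab code).

# Install a hook that rejects non-fast-forward updates and deletion of master.
write_hook() {
    mkdir -p "$1/hooks"
    cat > "$1/hooks/pre-receive" <<'EOF'
#!/bin/sh
zero=0000000000000000000000000000000000000000
while read -r old new ref; do
    [ "$ref" = "refs/heads/master" ] || continue
    [ "$old" = "$zero" ] && continue              # branch creation is allowed
    if [ "$new" = "$zero" ]; then
        echo "denied: deletion of protected branch master" >&2; exit 1
    fi
    # A fast-forward keeps the old tip as an ancestor of the new tip.
    if ! git merge-base --is-ancestor "$old" "$new"; then
        echo "denied: forced update of protected branch master" >&2; exit 1
    fi
done
EOF
    chmod +x "$1/hooks/pre-receive"
}

# Returns 0 when the forced push is refused and the server tip is unchanged.
force_push_is_denied() {
    tmp=$(mktemp -d) || return 2
    srv="$tmp/server.git"; w="$tmp/work"
    git init -q --bare "$srv" && git init -q "$w" || return 2
    write_hook "$srv"
    git -C "$w" symbolic-ref HEAD refs/heads/master
    git -C "$w" config user.name demo
    git -C "$w" config user.email demo@example.invalid
    echo one > "$w/file"
    git -C "$w" add file && git -C "$w" commit -q -m "first" || return 2
    git -C "$w" push -q "$srv" master || return 2
    before=$(git --git-dir="$srv" rev-parse refs/heads/master)
    # Amending rewrites the tip, so the local master diverges from the server.
    git -C "$w" commit -q --amend -m "first (amended)" || return 2
    if git -C "$w" push -q --force "$srv" master 2>/dev/null; then
        pushed=0
    else
        pushed=1
    fi
    after=$(git --git-dir="$srv" rev-parse refs/heads/master)
    rm -rf "$tmp"
    [ "$pushed" -eq 1 ] && [ "$before" = "$after" ]
}

force_push_is_denied && echo "forced push to master denied"
```

The same before/after comparison of the branch tip is a usable regression check against a real instance: the push must fail and the server-side commit ID must not change.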