Automatically push docker images to security container registry when it's a security merge request
Overview
As part of the security process the app sec team has to do manual QA to verify that the fix is valid before we merge the merge request. For gitlab/gitlab-org
they provide as package-and-qa
job that automatically publishes docker images and packages for them to download and run tests.
At the moment AppSec team has nothing of this sort for the Runner project
Proposal
Update the CI pipeline, so that development docker images pushes to the image to registry.gitlab.com/gitlab-org/security/gitlab-runner
automatically. This should only happen when a merge request that is opened in https://gitlab.com/gitlab-org/security/gitlab-runner.