Runner-wide after_script execution

Description

We have a script (say, one that authenticates against an in-house server using the job JWT) that we want to run for all jobs spawned by a runner. (We currently use the Docker+machine executor and are also testing out the Kubernetes executor.)
For pre-build, I can use gitlab-runner register --pre-build-script myscript-login to trigger it for all jobs, and any scripts running in before_script, script, or after_script can reference the auth.
For post-build, I tried --post-build-script myscript-logout. However, it runs before after_script, and scripts running in after_script can't reference the auth.

The current solution is a TTL on the auth, but we would like to proactively revoke the auth when it's done.

Another example script is one that logs CI_JOB_STATUS. If CI_JOB_STATUS is logged with post-build-script, it still shows running instead of the desired job status [success, failed, canceled] you'd get from after_script.

Proposal

Another script section in the runner config (plus a flag to set it at register time) that executes a runner-specific command script after after_script is executed. This command should be triggered regardless of job status.

Links to related issues and merge requests / references

Might be something similar to cleanup_exec of the custom executor: https://docs.gitlab.com/runner/executors/custom.html#cleanup
Run after_script regardless of the job status: gitlab#15603 (closed)

Edited by Masa Yoshida