Add System tokens that act like personal tokens

Problem to solve

We currently let one project run a CI job via schedule that spawns or kills Cloud VMs at hetzner with gitlab-runner on them (a project to use kubernetes-free gitlab-runner for our CI / will be open-sourced in the next weeks). While we want to unregister such a gitlab-runner, we currently use SSH to login as root and run gitlab-runner unregister all before killing the VM. This is not so cool but it works.

For this feature we would like to use the Gitlab API to unregister a runner directly but for that we need API access and a personal token. But we don't want to use a personal token from a random staff member but instead it would be nice to have something like a system token. These are tokens (same functionality as personal ones) that any admin can create in the Admin Overview somewhere.

Intended users

Devs, Admins, CI responsibles

Further details

The ideal outcome would be an additional System Tokens Tab in the Admin view where an Admin can create tokens that can at least use the API with all rights or maybe also do all other things that personal tokens can do. Currently you have to pay for another "User" that is only there to provide this staff member independent token.

Proposal

See Further details

Permissions and Security

From my perspective it would be sufficient that only users with Admin privileges can create system tokens