Support for read-only Kubernetes credentials

In some cases, a customer may not feel comfortable loading read/write credentials for k8s into GitLab's integration. For example security policy may dictate that the cluster credentials for production should live in a vault, accessible on specific CI runners.

Would our integration features work with a readonly account, like deploy boards? I imagine Terminal will fail.

We may want to think about this when designing features, and offering graceful errors/failures when the account is read only or doesn't have the required permissions.