Associate a role to a project's deploy key
Problem to solve
When a project's maintainer adds a Deploy Key, the key can be used for pushing to protected branches. Having a key associated to a role/set of permissions, will allow to have more granular control over what's allowed per key.
Intended users
Further details
A customer's use case, quoted verbatim:
"...we have some customer configs that we store in GitLab. Rather than giving them a service account or a user we want to create deploy keys for their repos and be able to hand that out/rescind access based on that deploy key. We of course want these customers/partners pushing into feature branches before we review the code and merge into master to have it deployed. This prevents outages on our system for them making changes.
So when I tested deploy keys on a repo I found that it would allow us to push directly to master. The only way around this is if I disabled maintainer access to push to master. We maintain maintainer access for master so that people can push emergency changes without having to do an MR. I know it only saves a few minutes, but during an outage time is of the essence so we like to have a backdoor. So it appears to me that deploy keys that I'm laying down with write access have maintainer perms, and I'd like to limit what they are capable of doing. I still want them to be able to write, but I don't want them to be able to push directly to master."