Use Deploy tokens to grant access to the Composer registry

Context

You use the GitLab Composer repository to publish and download your Composer dependencies to your private project. You can authenticate with a personal access token or a job token.

Problem to solve

The problem is that personal access tokens and job tokens are tied to a specific user. When you want to finalize your production workflows, you'd like to use a deploy token, which is not tied to a specific user or their permissions.

Proposal

Update the permissions model for group deploy tokens to allow for publishing and downloading of Composer dependencies using the write_package_registry and read_package_registry scope respectively.