[meta] Custom emoji: Who should be allowed to edit custom emoji

(this is a meta discussion to make sure our plan of attack does not get us into trouble in the future)

Problem

Anyone who has (Developer) or higher access to a group can add a custom emoji. At the moment no one can edit or remove custom emoji, but I think it's the idea to implement the similar access rights as Slack does:

  • any (Developer)+ can add custom emoji
  • any (Maintainer)+ can remove custom emoji
  • a (Developer) can remove only the custom emoji the added themselves (this needs #284641 (closed))

But consider this scenario:

  • @devA adds :tanuki: to point to tanuki
  • many people start using this emoji in their comments. Great, many happy tanuki!
  • Later @devA decides to change :tanuki: to something less kind, say for example 👎
  • Now all existing comments suddenly have 👎 instead of tanuki. Not great, many sad tanuki.

(You can imagine something worse than 👎 will be used)

For Slack I think this is less of an issue, because messages are more ephemeral, but on GitLab comments live for ever, and they might be read months or even years after typing.

Possible solutions

  • We do nothing and we trust people because they are made (Developer) so we trust them with other things as well
  • We don't allow custom emoji edits/reuse. Once a custom emoji is deleted, we don't allow someone else to recreate it.
  • We only allow (Maintainers)+ to edit custom emoji.

I'd like to settle this in &3966 (closed), so before we roll-out the feature flag.