Add a "SCM" user role to push changes to master branch
Problem to solve
Ideally, for safety, neither maintainers or developers should be allowed to push changes to master branch. It should be done by some special user. But currently in "Protected Branch" configuration, you can only select Maintainers or Developers.
Proposal
Have a dedicated SCM user role, who can do the dirty job above but nothing else. This normally is not a real human account. And in CI/CD pipeline configuration this account can be used to do master push, for example, merge release branch to master, then push.