Limit number of projects in a CI_JOB_TOKEN Scope per direction

Background

In #346298 (closed) we introduced the inbound job token scope. Using this feature we can define a list of which projects a CI_JOB_TOKEN can access.

Problem

With no limit to the number of projects in the scope we can face abuse or performance issues.

• Pros of having limits
  • ensures that the feature is performant in both checking whether a project is in the scope as well as managing the scope via GraphQL/UI
• Cons of having limits
  • before the Job Token Scope being introduced the CI_JOB_TOKEN had access to any projects that the job user could potentially access. We don't know if more projects will need to have access to a particular project.

Proposal

Create an application limit that applies to the number of projects in the inbound job token scope for a project. The default should be a limit of 100 projects.

Implementation Details

We can use plan limits so that a plan administrator can set the limit.

The limit should be on # of links per source_project and direction since links can have on unique record with a particular to source_project, target_project and direction.

We should make sure that any api endpoints that add a project, currently the graphql mutations !99166 (merged), respond with an error and do not add more projects if the user tries to add another project when they are already at or over the project limit per direction. To do this we can respond with a ServiceResponse with an error from the AddProjectService without needing to touch the graphql code added by MR !99166 (merged).

We must document the limit alongside other plan limits.

It's only important that the limit applies to the inbound scope as the outbound scope will be removed in 16.0.

This should be in place before enable the flag ci_inbound_job_token_scope so I've marked it as blocking.