Breaking change: Update API permissions for Package settings to Maintainer/Owner

Context

The GitLab Package stage offers a Package Registry, Container Registry, and Dependency Proxy to help you manage all of your dependencies using GitLab. Each of these product categories has a variety of settings that can be adjusted using the API. Currently these settings require Developer+ permissions.

Problem to solve

Some of these settings, like cleanup policies, will permanently delete dependencies, which is quite a destructive action. After doing competitive research, we found that most other companies limit these settings to Maintainer/Owner users.

Proposal

Update the permission level of the GitLab API to require Maintainer/Owner-level permissions to CRUD any Package stage-related settings.

Settings

  1. Mutation.updateNamespacePackageSettings
  2. PackageSettings
  3. DependencyProxySetting
  4. DependencyProxyImageTtlGroupPolicy
  5. Mutation.updateDependencyProxySettings
  6. ContainerExpirationPolicy

Validation notes

⚠ When working on the Package Settings, it is crucial to validate that all the related security issues get fixed. See #322055 (comment 862775425).

Edited Apr 29, 2022 by Steve Abrams