"Allowed to push" to supersede "Code owner approval"

With the release of 12.4, Code Owner Approvals was moved to "per protected branch": https://about.gitlab.com/blog/2019/10/22/gitlab-12-4-released/#code-owner-approvals-for-protected-branches

With this change, our CI bots can no longer push to master, even though the bot user is on the list of users "Allowed to push". See screenshot:

We want users to have to do Merge Requests with Code Owners, but we want our bot to be able to directly push bypassing this MR process. That is the point of the "Allowed to push" list.

This worked prior to this 12.4 release. The 12.4 change broke our pipeline and code owners doesn't honor the "Allowed to push" rule.

Proposal

Basically, Code owner approval should not apply to users in Allowed to push.

Allowing a user who is "Allowed to push" to override pushing directly to a protected branch (and a file matching a CODEOWNERS file pattern) is more flexible than the alternative (Code Owners overriding branch protection settings). In the event a project maintainer doesn't want to allow direct pushes to master, they can simply configure “no one” under allowed to push, whereas Code Owners taking precedence does not allow for flexibility.

Additionally, to clarify the intersection between the Allowed to… fields and the Code Owner approval toggle, it would be helpful to add an explanation to the UI.

Does not apply to users allowed to push.