Create a dedicated docs page for pipeline security topics
Problem to solve
Create a Security Best Practices Documentation:
GitLab has a CI/CD variable security section, but it is under the Variables docs (which means it's not visible in the left navigation sidebar) and there are some security practices we recommend that are mentioned outside of this section. For example, limiting environment scope, recommending that users store sensitive variables in the UI setting instead of the .gitlab-ci.yml file, recommending OIDC and external secrets, etc.
A lot of this info already exists in our docs, but they are scattered and are framed in a more descriptive than prescriptive/suggestive manner. I think it would help to have a dedicated guide for securing pipelines that users can refer to and see/compare the different options GitLab has to offer. As we add more options, this guide will grow and it will be the jumping-off point for users to check more in-depth guides for the different solutions we have to offer (encrypted variables, external secrets, native solution). I also noticed that external secrets, CI/CD Variables, and environment scopes are in different sections of the docs, so I think it would help to have this one document that connects them together. We can link this guide in the UI as well (as Learn More links).