Instance setting for turning off the ability to make the package registry public
Context
You can control the visibility of the Package Registry to allow anyone to pull from the registry: https://docs.gitlab.com/ee/user/packages/package_registry/#allow-anyone-to-pull-from-package-registry. This works great for customers that want the ability to share their project's registries.
Problem to solve
The problem is that for customers in highly regulated environments. They need to ensure that their project's package registry is never available to the public. And since there is no way to turn this feature off globally, they have no way of preventing this behavior.
Proposal
Add the ability to toggle this feature on/off at the instance level so that customers can easily turn the feature off if they need to.
Further details
Add a single application setting at the instance level and make the backend disable the option if that setting is off.
- This is a pure single backend MR.
As a follow-up, we can add:
- frontend changes/work.
- cascading setting support.