Clarify and sign off authorization between projects and agents for workspaces
Context - https://gitlab.com/gitlab-org/gitlab/-/issues/412283#note_1410736284
I'm personally fine with this, but it means:
- We should update the internal docs do clearly reflect this - currently they haven't been updated to show the implementation we currently have: https://gitlab.com/gitlab-org/remote-development/gitlab-remote-development-docs/-/blob/main/doc/mapping-projects-to-agents.md#interim-solution (we can use some of the explanations in this issue, such as this comment above)
- We need to clearly have Product and Security sign off on the concerns raised on this issue: I.e, that there's currently no way to revoke a users access to a running workspace.
- We need to have the appropriate security exceptions/etc for as long as the "interim" solution will remain in place.
Edited by Vishal Tak