Allow service account to have deploy keys
Problem
Sometimes Deploy Keys causes a confusion that the key doesn't work in certain condition, for example, git-push fails by protected branches/tags. This is because GitLab evaluates the creator of the deploy key if the person has permission to access to the Git-Ref and subsequent processes, such as pipeline runs.
However, the point of Deploy Keys is to treat it as an individual machine user, so that it should NOT be affected by the creator of the deploy key. For example, deploy keys should keep working even after the creator of the deploy key removed from the project.
The current workaround is to ask users to create a service account (a.k.a. a bot user) for deploy keys, but it's a bit cumbersome to do this per project.
Proposal
GitLab now has the first-class service account feature, but it can only create PAT today.
We should allow SA to have Deploy Keys as well.