Audit events for SSH certificate CRUD activities
Overview
During Add support for git access control via SSH cert... (&10662 - closed) and particularly REST API endpoints for adding/removing group CA... (#421915 - closed) an ability to create/read/delete ssh certificates of a group has been added.
Let's consider adding audit events to track those activities:
For compliance and security reasons, some customers have automation in place ("Change detector") which queries the GitLab Audit API for "events of interest", and flags them to the appropriate internal teams if any of such event occurs. An "event of interest" is any event that could affect the secure and compliant configuration of our GitLab (sub)groups or projects. The Change Detector enables responding to unintended/malicious changes in a timely manner, thus reducing the corresponding risk.
Any CRUD activity on the ssh certificates would be an "event of interest", as it affects git access control. Exposure of such activity via the Audit API will give us the ability to respond to it as described above.