Project deployment credentials from developers, while still letting them deploy

Description

Some way to have deploy jobs with deploy credentials that are runnable by regular developers with no way of having creds leaking. For this case, it's not enough to consider having only Admins (or Operators) manually trigger the deploy, or have the MR go through an approval flow before deployment. The use-case is for a fully automated deployment system where some trust is given to the developers, but risk is still reduced as much as possible.

Proposal

Protected jobs that can't be edited, have access to variables that other jobs don't

Links / references