Enable delay before modifying protected env, approvers, owners or deployers

Proposal

In case of hacking, the attacker could change immediately the important rules: approval rules, owners of the project/group, deployment rules, or list of protected environments. The attacker could then immediately run deployments and hardly impact the production. Adding the ability to:

• from the admin area, define a delay before these changes are effective (and protect changes to this delay as well). This would result in a behavior similar to the project deletion delay.
• add control using a physical device (notification on a smartphone, validation with a Yubikey or similar, ...) to bypass that delay. That would result in a behavior similar to the MFA experience.