Allow mapping/reassignment from Placeholder-users to Service accounts and Group and Project bots via API and CSV

Customer situation

We had set up group and projects at gitlab.com with users for renovatebot and scala-steward. we needed to migrate that setup to self managed instance with service accounts already setup for renovatebot and scala-steward. So we searched for a solution to map these users to the corresponding service accounts, but that's not possible as support told us.

Would be a nice feature to have the option to reassign placeholders to Service accounts.

General description

copied from #561218 (closed)

When importing projects using direct transfer

a placeholder user is created for any active, inactive, or bot user with imported contributions or memberships.

However

Bot user contributions and memberships on the source instance cannot be reassigned to bot users on the destination instance.

Currently, for non-human placeholder users i.e. bots and service accounts

You might choose to keep source bot user contributions assigned to a placeholder user.

In certain cases, like the one described in the customer situation, this may be a blocker.

Another example are project protected branches unprotect_access_levels, where only the specified user can then unprotect the branch.

Although this is also a gap with the unprotect_access_levels feature, where only the configured user can override the setting (not even admins), it is firstly a gap for placeholder user reassignment. Being able to reassign placeholder users to service accounts would prevent one to run into the unprotect_access_levels feature gap.

NOTE: There may be other cases, where creating a placeholder user for a non-human account configured for a feature on source, blocks the usage of the feature on destination.

Proposal

To prevent locking direct transfer imported project protected branches that have service accounts configured on source:

• Allow one (top-level group Owners) to reassign placeholder users to service accounts
  • Not in scope: Allowing the same for group/project bots i.e. internal users is a different topic
• Acknowledge that this type of reassignment should not require approval, as service accounts cannot receive or approve emails
• For the first iteration, only reassignment via API and CSV will be supported.
  • Not in scope: Support via UI will be implemented on #572534

Input discussions

• #523260 (comment 2530456348)
• #513686 (comment 2318478652)