Duo Agent Platform workloads/* branches create UI clutter and scalability concerns

Problem

When Duo Agent Platform flows are started, they create workloads/* branches to perform their work. This approach is causing several issues:

1. UI Clutter: Users see prompts to create merge requests for these workloads/* branches, which is confusing since users are not expected to create MRs for these branches. This has caused confusion internally within 24 hours of being enabled. -> This should be solved by composite identity

2. Branch List Pollution: The workloads/* branches clutter the branch list UI, making it harder for users to find their actual working branches.

3. Scalability Concerns: Excessive ref growth is already causing performance problems, particularly for features that require full replication (e.g., Geo). This affects the system regardless of whether the refs are advertised or not.

4. Unintended Feature Interactions: Because these are regular branches, they integrate with existing GitLab features in unexpected ways:

   • Branch protection rules could inadvertently apply to workloads/* branches
   • Protected variables could start showing up in workloads if someone protected workloads/* in their project
   • Other branch-based features may behave unexpectedly

5. Lifecycle Management: There appears to be no clear lifecycle management for these branches, leading to accumulation over time.

Desired Outcome

Duo Agent Platform flows should be able to perform their work without creating branches that:

• Clutter the UI with merge request creation prompts
• Pollute the branch list
• Cause scalability concerns through excessive ref growth
• Trigger unintended interactions with branch-based features

The solution should work for all Duo Agent Platform flows as usage is expected to grow significantly in the future.