Confidential comments on an issues, merge requests, and epics

It would be good to be able to mark an individual note within a wider issue as confidential. This could be used for a range of purposes, from collaborative drafting of a response to a difficult question in an issue, to making inline notes about security problems discovered in the course of an MR or issue discussion.

Thoughts? /cc @smcgivern

Use cases

Security problems (above)
Non-public conversations (https://gitlab.com/gitlab-org/gitlab-ee/issues/6049#note_73453958).

Scope

Should be available for issues, merge requests, and epics.

Edge cases

As noted for a use case of service desk (https://gitlab.com/gitlab-org/gitlab-ee/issues/2257#note_74491279), we should send notifications only to people who can view the confidential comment. And so for service desk, you can have a confidential comment discussion apart from the service desk issue initiator.

Edited May 23, 2018 by Victor Wu