Allow to create fork MR pipelines in parent project

Shinya Maeda requested to merge poc-allow-fork-in-mr-pipelines into master

What does this MR do?

This MR allows non-project members to create pipelines when the following condition is fulfilled:

Related: #11934 (closed)

Resource restriction

Currently, pipelines have full permission to access any resources in the same project. This means external users also have the same permission once they can create pipelines on the parent project.

In order to prevent accidentally leaking the parent's secrets, we ship a proper permission model on the resource control. See

Feature Flag

This feature is built behind the allow_fork_pipelines_in_parent feature flag and it's disabled by default.

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Shinya Maeda
