Extracted from https://gitlab.com/gitlab-org/gitlab/-/issues/404722#note_1462094036. Similar to `runner_environment`, this would allow policies to target public projects only. See [related issue](https://github.com/sigstore/fulcio/issues/1263) describing npm's use case for blocking the publishing of public packages from private repositories. - [x] Add `project_visibility` JWT claim - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125787