Add new endpoints to fine-grained permissions for CI/CD job tokens
### Background The job token has limited resources which often forces customers to use long-lived tokens such as PATs or GrPATs. This is not an ideal security practice and GitLab should identify what would attract customers to use ephemeral tokens that are relevant to CI/CD workflows. ### Proposal Fine-grained permissions for job tokens was recently completed. The next phase is to evaluate new endpoints/permissions to add to fine-grained job tokens by leveraging its framework. This allows customers to not have to rely on long-lived tokens and minimize token management. Endpoints and permissions in scope: 1. [Push to git repository](https://gitlab.com/gitlab-org/gitlab/-/issues/468320) ~"group::authentication" 2. https://gitlab.com/gitlab-org/gitlab/-/issues/555864+ 3. https://gitlab.com/gitlab-org/gitlab/-/issues/555865+ 4. https://gitlab.com/gitlab-org/gitlab/-/issues/555866+ 5. https://gitlab.com/gitlab-org/gitlab/-/issues/555867+ 6. https://gitlab.com/gitlab-org/gitlab/-/issues/555868+ ### Discovery and Analysis https://gitlab.com/gitlab-org/gitlab/-/issues/525339+ [Tableau Data](https://10az.online.tableau.com/#/site/gitlab/views/TokenandAPIUsageWorkbook/APIUsageinCICDPipelines?:iid=1) ### Contribute [Job token development guidelines](https://docs.gitlab.com/development/permissions/job_tokens/) <details> <summary> ### Original write-up </summary> The scope for the CI_JOB_TOKEN is not granular enough for what users want to accomplish. This epic will house the issues for fine tuning the scopes of CI_JOB_TOKEN per project. **Note** that this work is tied to https://gitlab.com/groups/gitlab-org/-/epics/9844+ which is a UI to allow project owners control over what external tokens can access. A starting point for the permissions to be tweaked would be: * [Repository](https://gitlab.com/gitlab-org/gitlab/-/issues/389060) - read/write/none * Issues - read/write/none * MRs - read/write/none * Pipelines API - read/write/none * Jobs API - read/run/none * Artifacts API - read/write/none * Registry - read/write/none * Pages - read/write/none * [CI_lint](https://docs.gitlab.com/ee/api/lint.html) - read/write/none </details>
epic