Allow Ultimate Guests to view repository content in private projects (view-only, not pull/push)
Background
Today, Guest Users on GitLab.com don't have the ability to view or pull code from Private Projects. This is frustrating for Ultimate subscribers, who feel that the Guest privileges are too restricted, that they are not useful.
Note that in our self-managed Product, Guest users do have the ability to view and pull code on internal projects, but not private projects.
Proposal
Add a custom role that is limited to guest users under an Ultimate license. This custom role would grant guest users read-only access to private projects in Ultimate so that they can view code. Note that this does NOT include pulling / pushing code. That is covered in this issue.
We need to build in logic for this to ensure the "View Code" permission added onto a Guest role and saved as a new role does not occupy a paid seat.
We did confirm with @sean_carroll and @tlinz in this - internal only discussion that it is possible to distinguish between viewing and pulling code.
This needs to be a new role, and customers should be able to opt in to using it, rather than to have it forced on them. Some customers do not want the current Guest user to have any more permissions than it already does, and doing this without a breaking change notice is not acceptable. The current "Guest" role must continue to have the same permissions as it does before the change.
Workaround
https://gitlab.com/gitlab-gold/tpoffenbarger/guest-user-project (demo)