Add "Manage Protected Branches" as a customizable permission

Release notes

Project maintainers have the ability to manage protected branches. This often leads to a user becoming overprivileged where they may not need other project destructive permissions. With the release of this permission, you can create a custom role to allow a Developer (or any base role) plus this permission to manage protected branches without being overprivileged.

Background

Project maintainers have the ability to protected branches. This leads organizations elevating a subset of users who need to manage these settings that as a consequence can edit other Project settings. This permission will allow a custom role such as Developer + this permission offering organizations to reduce Owners and Maintainers in their environment

Proposal and User Experience

1. When creating a role, any base can be selected. A new permission is available and labeled "Manage Protected Branches" that can be selected.
2. The permission actions for admin_protected_branches includes creating, reading, updating, and deleting protected branches along with properties associated:

Group Actions	Project Actions
No group actions available	Project Repository Settings CRUD on Protected Branches Including properties Allowed to Merge Allowed to push and merge Allowed to force push Code Owner Approval

APIs

• https://docs.gitlab.com/ee/api/protected_branches.html

Views+Workflows include:

• Base + permission: Can see Project-> Settings -> Repository Settings -> Protected Branches

Documentation

• Permissions attribute: admin_protected_branches
• Permission Title: Manage Protected Branches
• Permission Description: Create, read, update, and delete protected branches for a project.
• Update prerequisites for...

Evidence

• #391760 (comment 1497709588)
• #391760 (comment 1504880260)
• #391760 (comment 1570435642)