Draft: Protected containers: Separate feature flag for different actor types

• Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA

What does this MR do and why?

As explained in the related issue, the feature flag (FF) :container_registry_protected_containers needs to be applied to a consistent actor type. This is prerequisite for the rollout procedure of the FF as described here.

At the moment, the feature flag is applied to actor types Project and Group. According to the GitLab FF guide, it is Also good - using separate FF for each actor type, see first code section. Given that only one occurrence of the FF is applied to the actor type Group, an easy solution would be to introduce a new FF :container_registry_protected_containers_group specifically for this case and leave the other occurrences untouched:

• New feature flag :container_registry_protected_containers_group is only applied to the group actor
• Existing feature flag :container_registry_protected_containers is only applied to the project actor

Advantages and disadvantages

The advantage of this approach is that we can keep the current behaviors mostly as it is and only introduce a new code path for the new FF :container_registry_protected_containers_group. On the other side, the disadvantage is that an additional FF needs to be managed for the feature "Protected containers". This should be acceptable considering that another solution for the issue would require more code changes.

🛠 with ❤ at Siemens

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

MR Checklist (@gerardo-navarro)

• Changelog entry added, if necessary
• Documentation created/updated via this MR
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Tested in all supported browsers
• Conforms to the code review guidelines
• Conforms to the merge request performance guidelines
• Conforms to the style guides
• Conforms to the javascript style guides
• Conforms to the database guides

Screenshots or screen recordings

No frontend changes. This MR only adds the new feature flag :container_registry_protected_containers_group.

How to set up and validate locally

1. Follow the steps outlined in a previous MR: !158600 (merged)
2. Enable the new feature flag :container_registry_protected_containers_group

Feature.enable(:container_registry_protected_containers_group)

4. Go to the overview list of the containers on group level: http://127.0.0.1:3000/groups/flightjs/-/container_registries => you should see the badge "protected"
5. Disable the feature flag

Feature.disable(:container_registry_protected_containers_group)

6. Reload the container overview list: http://127.0.0.1:3000/groups/flightjs/-/container_registries => you should not see the badge "protected"

Related to #480848 (closed)