Accept only jobs started by a list of known users (with the possibility to opt out).
The custom executor should be able to reject jobs in pipelines triggered by "unauthorized users". This is particularly important for repositories with many collaborators where either runners are allowed to execute jobs from unprotected branches, or many users can push to protected branches.
The executor could look at the values of the variables GITLAB_USER_LOGIN, GITLAB_USER_EMAIL and GITLAB_USER_NAME. These cannot be set in a CI pipeline file, but they can still be set by someone who can modify the repository settings (i.e., define CI/CD variables).
Note that Jacamar extracts this information from a JWT that GitLab provides. The problem with this approach is that GitLab does not provide this token automatically (or plans to stop doing so in upcoming releases), and it requires each job to have an id_token section (see https://ecp-ci.gitlab.io/docs/guides/id-token-migration.html#migrating-with-previous-jacamar-ci-versions).
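As an added illustration of the variable-based approach (example code, not part of this proposal or of Jacamar), the following POSIX shell hook could be called from a custom executor's prepare or run stage. It relies on the custom executor exposing job variables as CUSTOM_ENV_<NAME> and on BUILD_FAILURE_EXIT_CODE; the allowlist file path and the opt-out variable RUNNER_USER_CHECK_OPTOUT are assumptions.

```shell
#!/bin/sh
# Added example: reject custom-executor jobs whose triggering user is not on an allowlist.
# Assumed: the allowlist is one GitLab login per line at $ALLOWLIST_FILE, and the runner
# administrator can opt out of the check by exporting RUNNER_USER_CHECK_OPTOUT=1.
# Caveat from the proposal: GITLAB_USER_LOGIN can be overridden by anyone who can define
# CI/CD variables for the project, so this check is only as strong as that permission.

ALLOWLIST_FILE="${ALLOWLIST_FILE:-/etc/gitlab-runner/allowed-users}"

# user_allowed LOGIN FILE -> 0 if LOGIN appears as a whole line of FILE, else 1.
# Fails closed: an empty login or an unreadable allowlist rejects the job.
user_allowed() {
    login="$1"
    file="$2"
    [ -n "$login" ] || return 1
    [ -r "$file" ] || return 1
    # -F: fixed string, -x: whole line only (no partial or regex matches), -q: quiet
    grep -Fxq -- "$login" "$file"
}

# check_job LOGIN FILE OPTOUT -> 0 to accept the job, 1 to reject it.
# OPTOUT="1" disables the check for this runner (the opt-out the proposal asks for).
check_job() {
    login="$1"
    file="$2"
    optout="$3"
    if [ "$optout" = "1" ]; then
        return 0
    fi
    user_allowed "$login" "$file"
}

# Entry point for the executor stage: exits with BUILD_FAILURE_EXIT_CODE so that the
# job is marked failed before any user-controlled script runs.
main() {
    user="${CUSTOM_ENV_GITLAB_USER_LOGIN:-}"
    if ! check_job "$user" "$ALLOWLIST_FILE" "${RUNNER_USER_CHECK_OPTOUT:-0}"; then
        echo "job rejected: user '${user:-<unset>}' is not listed in $ALLOWLIST_FILE" >&2
        exit "${BUILD_FAILURE_EXIT_CODE:-1}"
    fi
}

# Run the check only when invoked as the executor hook (RUN_USER_CHECK=1),
# so the functions can also be sourced and exercised on their own.
if [ "${RUN_USER_CHECK:-0}" = "1" ]; then
    main "$@"
fi
```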