Enhance Git protected tags

Problem to solve

Protected tags in GitLab currently lack approval/review requirements, significantly reducing their effectiveness as a security control. While protected branches enforce peer review through merge request approvals, protected tags allow any authorized user to create or update a tag without requiring approval from another person.

This creates a critical security gap: a single user with tag creation permissions can deploy production code to a protected tag without peer oversight. For example, a developer can trigger a production deployment pipeline on a protected tag without requiring approval from a peer or release manager, defeating the purpose of tag protection as a compliance and security control.

Organizations relying on protected tags for production deployments, release management, and compliance frameworks (SOC 2, ISO 27001, etc.) cannot enforce the separation of duties and peer review requirements that are essential for secure software delivery.

Proposal

Extend protected tags to support approval rules similar to protected branches, allowing organizations to:

  1. Require approval before tag creation/update: Specify that one or more approvals from designated users, groups, or roles are required before a tag can be created or modified
  2. Define approval rules: Configure who can approve tag operations (e.g., maintainers, release managers, security team members)
  3. Enforce separation of duties: Prevent a single user from both creating and approving a protected tag operation
  4. Support role-based access: Allow approval requirements based on user roles (Developer, Maintainer, Owner) or custom groups

This mirrors the existing approval rules functionality available for protected branches and merge requests, providing a consistent security model across GitLab.
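As an added illustration (not GitLab's implementation and not part of this issue), the check below models the proposed rule: a glob-protected tag, a required approval count, approvers eligible by minimum role or by name, and rejection of the pusher's own approval to enforce separation of duties. All class, method and user names are hypothetical.

```ruby
require 'set'
# Added example (not GitLab code) modelling the proposed approval rule for protected tags.
# TagApprovalRule and evaluate_tag_push are hypothetical names; a user is a Hash such as
# { name: 'alice', role: 'Developer' }.
# Assumed minimum-role ordering: a rule naming 'Maintainer' also admits Owners.
ROLE_RANK = { 'Developer' => 30, 'Maintainer' => 40, 'Owner' => 50 }.freeze

class TagApprovalRule
  attr_reader :tag_pattern, :required_approvals, :approver_roles, :approver_users

  def initialize(tag_pattern:, required_approvals:, approver_roles: [], approver_users: [])
    @tag_pattern = tag_pattern           # glob such as 'v*' or 'release-*'
    @required_approvals = required_approvals
    @approver_roles = approver_roles     # minimum roles allowed to approve
    @approver_users = approver_users     # explicitly designated approvers
  end

  def protects?(tag_name)
    File.fnmatch(tag_pattern, tag_name)
  end

  def eligible_approver?(user)
    return true if approver_users.include?(user[:name])
    rank = ROLE_RANK.fetch(user[:role], 0) # unknown roles never qualify (fail closed)
    approver_roles.any? { |min| rank >= ROLE_RANK.fetch(min) }
  end
end

# Decide whether a tag create/update may proceed. Returns [:allowed or :denied, reason].
def evaluate_tag_push(rule, tag_name, pusher, approvals)
  return [:allowed, 'tag not covered by this rule'] unless rule.protects?(tag_name)
  valid = Set.new # distinct approvers: repeated approvals by one person count once
  rejected = []
  approvals.each do |approver|
    if approver[:name] == pusher[:name]
      rejected << "#{approver[:name]} (self-approval)" # separation of duties
    elsif !rule.eligible_approver?(approver)
      rejected << "#{approver[:name]} (not an eligible approver)"
    else
      valid << approver[:name]
    end
  end
  if valid.size >= rule.required_approvals
    [:allowed, "#{valid.size} valid approval(s) from #{valid.to_a.join(', ')}"]
  else
    detail = rejected.empty? ? 'none rejected' : "rejected: #{rejected.join(', ')}"
    [:denied, "#{valid.size}/#{rule.required_approvals} approvals; #{detail}"]
  end
end
```

A real enforcement point would run this in the server-side push/tag-creation path and record the pusher, approvers and verdict for audit.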

User experience goal

Organizations should be able to configure protected tags with approval requirements, ensuring that no single user can unilaterally create or update a production tag without peer review. This provides the same level of security control and auditability for tag operations as currently exists for merge requests on protected branches.

Edited Mar 04, 2026 by 🤖 GitLab Bot 🤖