GitLab Runner OIDC Authentication
Deployments (dogfood, prod) are currently run from developers' personal machines, which leaves room for error. Instead, the clusters should be controlled from pipelines, and the pipelines can be configured to use OIDC authentication. This keeps users from accidentally applying changes that were not intended, keeps the IaC in sync with the actual state of the cluster, avoids storing long-lived credentials in GitLab CI, lets less privileged users propose changes to the production cluster, lets users review the plans Terraform generates for a change, and brings other benefits.
Consider whether tagging resources would help scope the deployment roles' permissions.
Acceptance Criteria:
- Add identity provider
- Create separate deployment projects that utilize the TF modules project
- Create roles for deployments (main and feature should be separate permission sets)
- Test a Terraform plan on a feature branch
- Run an apply on the default branch
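As an added example (not the project's own pipeline), here is a `.gitlab-ci.yml` for one deployment project that ties the acceptance criteria together: each job requests an OIDC ID token from GitLab, Terraform exchanges it for short-lived cloud credentials, feature branches and merge requests get a plan under a read-only role, and the default branch gets an apply under a separate role. It assumes AWS as the cloud provider; the account ID, role names, region, audience URL and module path are placeholders.

```yaml
# .gitlab-ci.yml for a deployment project (added example; assumptions marked)
# Assumed: AWS as the cloud provider; a Terraform root module in
# deployments/prod; two IAM roles trusted for GitLab OIDC tokens, a read-only
# "feature" role and a read-write "main" role. Account ID, role names, region,
# audience and paths below are placeholders.

stages:
  - plan
  - apply

default:
  image:
    name: hashicorp/terraform:1.7   # pin to the version the modules are tested with
    entrypoint: [""]

variables:
  TF_ROOT: deployments/prod                                            # assumed path
  TF_IN_AUTOMATION: "true"
  AWS_REGION: us-east-1                                                # assumed
  # Role ARNs are not secrets: they only name which role a job may ask for;
  # the trust policy on each role decides which pipelines actually get it.
  FEATURE_ROLE_ARN: arn:aws:iam::123456789012:role/gitlab-tf-feature  # placeholder
  MAIN_ROLE_ARN: arn:aws:iam::123456789012:role/gitlab-tf-main        # placeholder

# Shared OIDC setup. GitLab mints GITLAB_OIDC_TOKEN for the job (GitLab 15.7+).
# The AWS SDK, and therefore Terraform's AWS provider and S3 backend, exchanges
# the token for short-lived credentials on its own when
# AWS_WEB_IDENTITY_TOKEN_FILE and AWS_ROLE_ARN are set, so no access keys are
# stored in CI/CD variables. ROLE_ARN is chosen per job below.
.oidc:
  id_tokens:
    GITLAB_OIDC_TOKEN:
      aud: https://gitlab.example.com   # must match the audience on the IAM identity provider
  before_script:
    - printf '%s' "$GITLAB_OIDC_TOKEN" > "$CI_PROJECT_DIR/.oidc-token"
    - export AWS_WEB_IDENTITY_TOKEN_FILE="$CI_PROJECT_DIR/.oidc-token"
    - export AWS_ROLE_ARN="$ROLE_ARN"
    - export AWS_ROLE_SESSION_NAME="gitlab-${CI_PROJECT_ID}-${CI_JOB_ID}"
    - cd "$TF_ROOT"
    - terraform init -input=false

# Every branch and merge request gets a plan. The default branch plans with
# the main role; everything else uses the read-only feature role, so a feature
# branch cannot mutate the cluster even if its pipeline definition is edited.
plan:
  extends: .oidc
  stage: plan
  script:
    - terraform plan -input=false -out=tfplan
    - terraform show -no-color tfplan > tfplan.txt   # human-readable plan for reviewers
  artifacts:
    paths:
      - $TF_ROOT/tfplan
      - $TF_ROOT/tfplan.txt
    expire_in: 1 week
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      variables:
        ROLE_ARN: $MAIN_ROLE_ARN
    - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH
      variables:
        ROLE_ARN: $FEATURE_ROLE_ARN

# Apply runs only on the default branch, only with the main role, and only
# the exact plan file that was produced and reviewed earlier in this pipeline.
apply:
  extends: .oidc
  stage: apply
  needs: [plan]
  resource_group: prod          # serialize applies against the same cluster
  variables:
    ROLE_ARN: $MAIN_ROLE_ARN
  script:
    - terraform apply -input=false tfplan
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: manual              # drop this line for unattended apply
```

The separation between the two permission sets is enforced on the cloud side, not by the `ROLE_ARN` variable: the trust policy on `gitlab-tf-main` should require the token's `aud` to equal the audience configured above and its `sub` to equal `project_path:<group>/<project>:ref_type:branch:ref:main`, while `gitlab-tf-feature` can accept `project_path:<group>/<project>:ref_type:branch:ref:*` with a `StringLike` match. A trust policy that checks only `aud` lets any project on the same GitLab instance assume the role, so the `sub` condition is what makes "main and feature should be separate permission sets" real. The default branch should also be protected, since anyone who can push to it can trigger an apply.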