UNCLASSIFIED - NO CUI

Spike: Finalize requirements on where to publish all artifacts

Problem Statement:

An initial review of the Big Bang Edge solution with P1 Cybersecurity has determined that it is likely only IL-2, but access to it should still be restricted and approved on a case-by-case basis.

To facilitate this, a new Harbor project has been created in registry1 named 'bigbang-edge' (link). Access to this project is restricted and not automatically granted to all users like the bigbang and ironbank projects.

The requirement to restrict access means that all subcomponent artifacts must be published to the restricted 'bigbang-edge' project. Several of these components are fully under the control of the Big Bang Edge team, and are being published there. However, some of the components are being built as part of Iron Bank pipelines. These pipelines publish to the ironbank project. Our discussions with them to date have indicated that there are technical limitations that prevent them from publishing to other Harbor projects like 'bigbang-edge'.

The result would be that some of the Big Bang Edge components are published in the 'public' ironbank project, which violates the restriction requirement from P1 Cybersecurity.

Decision Required:

At a high level, the options to resolve this conflict appear to be:

  1. (preferred) Iron Bank finds a way to remove the technical limitation and publish to 'bigbang-edge'. This satisfies the requirement from Cyber and continues to leverage the goodness that comes with Iron Bank pipelines.
  2. Cyber removes the restriction requirement for Big Bang Edge. In this situation, the Big Bang Edge components could be published to the 'bigbang' and 'ironbank' projects rather than 'bigbang-edge' and the Iron Bank technical limitation does not matter.
  3. The Big Bang Edge team removes subcomponents from Iron Bank and handles the publishing of these artifacts to 'bigbang-edge' directly. This satisfies the access restriction requirement but means that the resulting artifacts will not have the same scanning, VAT, and attestations applied without substantial effort.
Edited by Charlie Jackson