[FEAT] Project Role Quotas #150

@Joseph94m

Is your feature request related to a problem? Please describe.

Large projects often accumulate too many Maintainers or Owners, which bypasses branch protection intent and expands who can change CI/CD variables, runners, and protected branches. Some teams require at least N Owners for continuity.

Branch protection in Plumber does not measure how many accounts hold each role. A member-quota check gives a clear pass/fail.

Product alignment:

Internal reference: controlGitlabProtectionRoleQuota.go (PolicyIssueType 31 / 32).


Describe the solution you'd like

Add projectMemberRolesMustRespectQuotas:

  • List project members via GitLab API.
  • Count members per access level (Guest … Owner).
  • Compare to configured min/max per role; emit ISSUE-507 as appropriate.

Configuration in .plumber.yaml

controls:
  projectMemberRolesMustRespectQuotas:
    enabled: true
    owner:
      min: 2
      max: 5
    maintainer:
      min: 0
      max: 8

Implementation Hints

  1. Data source: GET /projects/:id/members/all; handle pagination and rate limits.
  2. Registry: ISSUE-507, in control/codes.go; wire forEachIssueCode / scoring.

Files Touched

  • control/controlGitlabProjectMemberRoleQuotas.go (new)
  • control/types.go, control/task.go, control/codes.go, control/scoring.go
  • configuration/plumberconfig.go, .plumber.yaml, cmd/analyze.go, gitlab/ helpers

Why It's Valuable

Least-privilege governance; matches documented ISSUE-507 and existing Platform behavior.

Note: If you submit a PR for this feature, please keep "Allow edits from maintainers" enabled so we can collaborate more easily.
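The member-counting and quota-comparison logic described in the issue, as an added Go example that is not Plumber's code and is not taken from the issue. It assumes the documented GitLab numeric access levels (Guest 10, Reporter 20, Developer 30, Maintainer 40, Owner 50), the `X-Next-Page` pagination header convention of the GitLab REST API, and a hypothetical `Issue` type standing in for the project's real finding type. The two API pages are constructed sample data, not real API output. Two caveats a practitioner would want are handled: `members/all` can list one user through both a direct and an inherited membership, so users are de-duplicated by ID keeping the highest level, and non-active (blocked/deactivated) accounts are not counted toward a minimum, since they provide no continuity.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// GitLab numeric access levels as returned in the members API "access_level" field.
const (
	Guest      = 10
	Reporter   = 20
	Developer  = 30
	Maintainer = 40
	Owner      = 50
)

var levelNames = map[int]string{
	Guest: "guest", Reporter: "reporter", Developer: "developer",
	Maintainer: "maintainer", Owner: "owner",
}

// Member holds the fields of a GET /projects/:id/members/all entry we need.
type Member struct {
	ID          int    `json:"id"`
	Username    string `json:"username"`
	State       string `json:"state"`
	AccessLevel int    `json:"access_level"`
}

// Quota is the per-role bound from .plumber.yaml. Max < 0 means unbounded
// (assumption: the issue does not say how "no maximum" is encoded).
type Quota struct{ Min, Max int }

// Issue is a hypothetical finding shape; Plumber's real type lives in control/.
type Issue struct{ Code, Role, Detail string }

// PageFetcher mimics one paginated API call: it returns the JSON body of
// page n and the value of the X-Next-Page header ("" on the last page).
type PageFetcher func(page int) (body []byte, nextPage string, err error)

// fetchAllMembers walks every page, following X-Next-Page until it is empty.
func fetchAllMembers(fetch PageFetcher) ([]Member, error) {
	var all []Member
	for page := 1; ; page++ {
		body, next, err := fetch(page)
		if err != nil {
			return nil, fmt.Errorf("page %d: %w", page, err)
		}
		var ms []Member
		if err := json.Unmarshal(body, &ms); err != nil {
			return nil, fmt.Errorf("page %d: %w", page, err)
		}
		all = append(all, ms...)
		if next == "" {
			return all, nil
		}
	}
}

// countByRole keeps one entry per user at the highest access level seen
// (a user can appear via a direct and an inherited membership) and skips
// accounts whose state is not "active", so a blocked Owner does not
// satisfy an Owner minimum.
func countByRole(ms []Member) map[int]int {
	highest := map[int]int{}
	for _, m := range ms {
		if m.State != "active" {
			continue
		}
		if lvl, ok := highest[m.ID]; !ok || m.AccessLevel > lvl {
			highest[m.ID] = m.AccessLevel
		}
	}
	counts := map[int]int{}
	for _, lvl := range highest {
		counts[lvl]++
	}
	return counts
}

// checkQuotas emits one ISSUE-507 per role whose count falls outside [Min, Max].
func checkQuotas(counts map[int]int, quotas map[int]Quota) []Issue {
	var levels []int
	for lvl := range quotas {
		levels = append(levels, lvl)
	}
	sort.Ints(levels) // deterministic report order
	var issues []Issue
	for _, lvl := range levels {
		q, n, name := quotas[lvl], counts[lvl], levelNames[lvl]
		switch {
		case n < q.Min:
			issues = append(issues, Issue{"ISSUE-507", name, fmt.Sprintf("%d %s member(s), minimum is %d", n, name, q.Min)})
		case q.Max >= 0 && n > q.Max:
			issues = append(issues, Issue{"ISSUE-507", name, fmt.Sprintf("%d %s member(s), maximum is %d", n, name, q.Max)})
		}
	}
	return issues
}

// Constructed sample pages standing in for GET /projects/:id/members/all.
// dave appears on both pages (direct Developer, inherited Maintainer); carol is blocked.
var samplePages = map[int][]byte{
	1: []byte(`[{"id":1,"username":"alice","state":"active","access_level":50},
	            {"id":3,"username":"carol","state":"blocked","access_level":50},
	            {"id":4,"username":"dave","state":"active","access_level":30}]`),
	2: []byte(`[{"id":4,"username":"dave","state":"active","access_level":40},
	            {"id":5,"username":"eve","state":"active","access_level":40},
	            {"id":7,"username":"grace","state":"active","access_level":10}]`),
}

func sampleFetch(page int) ([]byte, string, error) {
	body, ok := samplePages[page]
	if !ok {
		return nil, "", fmt.Errorf("no such page %d", page)
	}
	if page < len(samplePages) {
		return body, fmt.Sprint(page + 1), nil // emulate X-Next-Page
	}
	return body, "", nil
}

// RunSample applies the quotas from the issue's .plumber.yaml excerpt to the sample data.
func RunSample() ([]Issue, error) {
	ms, err := fetchAllMembers(sampleFetch)
	if err != nil {
		return nil, err
	}
	quotas := map[int]Quota{Owner: {Min: 2, Max: 5}, Maintainer: {Min: 0, Max: 8}}
	return checkQuotas(countByRole(ms), quotas), nil
}

func main() {
	issues, err := RunSample()
	if err != nil {
		panic(err)
	}
	for _, is := range issues {
		fmt.Printf("%s [%s]: %s\n", is.Code, is.Role, is.Detail)
	}
}
```

With the sample data only one active Owner remains after de-duplication and state filtering, so the configured `owner.min: 2` yields a single ISSUE-507; the two effective Maintainers are within `max: 8`. Whether blocked accounts should still count toward a *maximum* is a policy choice the issue leaves open; the example treats them as not counted either way.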
