
Deploy tokens stopped with external authentication after security fix

After https://gitlab.com/gitlab-org/gitlab/-/issues/368416+ was "fixed", deploy tokens simply stopped working when External Authorization is enabled.

For some users, it was, however, an essential part of the workflow, so now they need to disable External Authorization to make their deployments work.

One client example (internal):

  1. they use External Authorization only for the purpose of using Classification labels
  2. they don't specify the Service URL, so effectively External Auth doesn't work:
    Screenshot image
  3. But even in that case deploy keys are broken.

Possible solutions

  1. Allow using deploy tokens if Service URL is empty
  2. Properly separate Classification Label feature from External Auth and don't rely on URL being empty
  3. (there are probably other completely legit use cases, when people were using both External Auth + deploy tokens). So maybe we should add a checkbox like "allow deploy tokens"?

Agreed upon intermediate solution

  • Add a setting Allow deploy keys and tokens that allows deploy tokens to work with external auth enabled.
  • The setting should only apply if no service url is provided.
  • Add a helptext/hover tooltip indicating that selecting the checkbox overrides and it'll only apply if there is no service url.

See thread for background

Edited by Adil Farrukh
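
The agreed intermediate solution above amounts to a fail-closed gate, shown here in Ruby as an added example that is not GitLab's implementation. Every name in it (`ExternalAuthSettings`, `allow_deploy_tokens_and_keys`, `deploy_credential_allowed`) is hypothetical, and treating a whitespace-only URL as "no service url" is an assumption.

```ruby
# Added example, not GitLab code. All names below are hypothetical.
ExternalAuthSettings = Struct.new(:enabled, :service_url,
                                  :allow_deploy_tokens_and_keys,
                                  keyword_init: true) do
  # Assumption: nil, empty and whitespace-only all mean "no service URL".
  def service_url_blank?
    service_url.nil? || service_url.strip.empty?
  end
end

# Decide whether a deploy token or deploy key may authenticate.
# Returns [allowed, reason] so the reason can be logged or surfaced in help text.
def deploy_credential_allowed(settings)
  # External authorization off: the restriction described in the issue does not apply.
  return [true, :external_auth_disabled] unless settings.enabled
  # External authorization on and no override: behaviour after the security fix.
  return [false, :override_not_set] unless settings.allow_deploy_tokens_and_keys
  # Override ticked, but it only applies when no service URL is provided.
  return [false, :service_url_configured] unless settings.service_url_blank?

  [true, :override_without_service_url]
end

# Constructed sample configurations, one per branch plus the blank-URL edge cases.
SAMPLES = {
  "external auth off" =>
    { enabled: false, service_url: nil, allow_deploy_tokens_and_keys: false },
  "labels only, no override" =>
    { enabled: true, service_url: "", allow_deploy_tokens_and_keys: false },
  "labels only, override ticked" =>
    { enabled: true, service_url: "", allow_deploy_tokens_and_keys: true },
  "whitespace URL, override ticked" =>
    { enabled: true, service_url: "   ", allow_deploy_tokens_and_keys: true },
  "service URL set, override ticked" =>
    { enabled: true, service_url: "https://authz.example.invalid/check",
      allow_deploy_tokens_and_keys: true }
}.freeze

# Evaluate every sample and return { name => [allowed, reason] }.
def decision_matrix(samples = SAMPLES)
  samples.transform_values { |cfg| deploy_credential_allowed(ExternalAuthSettings.new(**cfg)) }
end

decision_matrix.each { |name, (ok, why)| puts format("%-34s %-5s %s", name, ok, why) }
```
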