Introduce an allow-list for the Ansible runner
As soon as there is a GitLab runner assigned to a project, each maintainer of that project can run any Ansible script on the destination host. This is no problem while we only have projects with trusted maintainers. But when we offer a demo project which allows unknown maintainers to give that a try, this opens a door to potential trouble. Therefore, we need to implement an allow-list of Ansible scripts that can be executed in this context.