define role structure for externals

We should define how we want the layout of our keycloak to be, right now we have externals hierarchically listed as staff. One example is the reporter role of of the security team which is mostly just the entrypoint role that purely gives access to the tracker to create entries. This is important as f.e. gluebuddy will enforce certain aspects and will put everyone who is staff as reporter into our gitlab group. We may not want that for certain roles. This ticket is about finding out which sub groups should or should not be interpreted like this and come up with a solution how we want to handle this.