Add tip about general git clone authentication.

The CI_JOB_TOKEN post 8.12 allows the cloning
of any repositories that are accessible by the triggering user.
This was not documented anywhere, and the documentation
was in particular very specific on git submodule dependency management.
This commit adds a tip about cloning arbitrary repository paths.

doc/user/project/new_ci_build_permissions_model.md

@@ -141,6 +141,7 @@ with GitLab 8.12.
 With the new job permissions model, there is now an easy way to access all
 dependent source code in a project. That way, we can:
 
+1. Access a project's dependent repositories
 1. Access a project's [Git submodules][gitsub]
 1. Access private container images
 1. Access project's and submodule LFS objects
@@ -177,6 +178,22 @@ As a user:
   access to. As an Administrator, you can verify that by impersonating the user
   and retry the failing job in order to verify that everything is correct.
 
+### Dependent repositories
+
+The [Job environment variable][jobenv] `CI_JOB_TOKEN` can be used to
+authenticate any clones of dependent repositories. For example:
+
+```
+git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/myuser/mydependentrepo
+```
+
+It can also be used for system-wide authentication
+(only do this in a docker container, it will overwrite ~/.netrc):
+
+```
+echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
+```
+
 ### Git submodules
 
 To properly configure submodules with GitLab CI, read the
@@ -221,3 +238,4 @@ test:
 [triggers]: ../../ci/triggers/README.md
 [update-docs]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/update
 [workhorse]: https://gitlab.com/gitlab-org/gitlab-workhorse
+[jobenv]: ../../ci/variables/#predefined-variables-environment-variables