Container registry rights for non-developers

Hi! I have the project Deploy with the stored container image that I’m using in pipelines of another GitLab projects as a base image for some jobs. Now if the user of my organization has at least “Developer” rights - he can run the pipeline in another project that can use container image from the Deploy repository as a base image for the job. Meanwhile, I have some contractors with granular rights, who can have access to the selected projects as Developers, but not to the project Deploy. In this case, they failing to run the pipelines using container image from Deploy as the job’s base image. So, I cannot give them Developer rights to the Deploy project, at the same time I don’t know which rights I shall give them. Giving them “Guest” rights still does not provide access to the image of the Deploy project’s container registry. So, how to solve my problem? Which access rights do I have to provide to my contractors to keep their access to the project repository not higher than on the read-only level, but at the same time to provide the read-only access to the container registry of the same project? Actually, read-only access to the project’s container registry will be enough.