I have no clue how your org / company operates and what your workflows are, but imho each user should have their own SSH keypair - that’s how it’s designed to be used. For deployment machines, you can just create deployment keypairs.
I assume that each user has their own account on your GitLab instance; they should just add the public key from their keypair. They can then push/pull to repositories that they maintain.
Each deployment machine has its own keypair (or they can share them - suit yourself) and you can add deployment keys to your GitLab instance on instance / group / project level.
Each repository can then allow pull|push actions for specific deployment keys, so your applications can run specific actions against your repos.
You can achieve that by just adding a deployment key, to that specific user, which has push rights. You don’t need a single global keypair for everything.
You can imagine deployment keys like a separate user - it’s just that the user in your GitLab’s DB doesn’t exist, only the “permission to perform actions against a repo” does.
You can add global deployment public keys in the `/admin/deploy_keys` section. Then every project can just add the needed permissions to them. For example, you only need pull access from one repo, but you need to push compiled binaries to another one - give push & pull permissions for that key in the second repo and just pull in the first one.
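
The two-repo case described above, scripted against the GitLab deploy keys REST API. This is an added example, not part of the original post; the instance URL, the project ids 101 and 202, the deploy key id 7 and the `GITLAB_TOKEN` variable are constructed placeholders, and the key is assumed to be registered under `/admin/deploy_keys` already.

```python
import json
import os
import urllib.request

# Constructed placeholders (assumptions, not values from the post).
GITLAB_URL = "https://gitlab.example.com"
DEPLOY_KEY_ID = 7                      # id of the key listed under /admin/deploy_keys
ACCESS = {101: "pull", 202: "push"}    # project id -> access this key should get


def build_requests(base_url, key_id, access, token):
    """Build the API calls that give one deploy key per-project permissions."""
    reqs = []
    for project_id, level in sorted(access.items()):
        if level not in ("pull", "push"):
            raise ValueError(f"unknown access {level!r} for project {project_id}")
        key_url = f"{base_url}/api/v4/projects/{project_id}/deploy_keys/{key_id}"
        auth = {"PRIVATE-TOKEN": token}
        # Step 1: enable the existing instance-level key on this project.
        reqs.append(urllib.request.Request(
            f"{key_url}/enable", data=b"", method="POST", headers=auth))
        # Step 2: set write access explicitly, so a key that was writable
        # before is downgraded when the plan only asks for "pull".
        body = json.dumps({"can_push": level == "push"}).encode()
        reqs.append(urllib.request.Request(
            key_url, data=body, method="PUT",
            headers={**auth, "Content-Type": "application/json"}))
    return reqs


def apply(reqs):
    """Send the prepared requests in order and report each result."""
    for req in reqs:
        with urllib.request.urlopen(req) as resp:
            print(req.get_method(), req.full_url, resp.status)


if __name__ == "__main__":
    # Token of a user allowed to manage deploy keys on both projects.
    apply(build_requests(GITLAB_URL, DEPLOY_KEY_ID, ACCESS,
                         os.environ["GITLAB_TOKEN"]))
```
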