Description
What would you like to be added:
Give users the ability to select access restrictions (for gardener operators) for their shoot, depending on the selected region.
E.g. on the UI it could look like the following (texts are just an example and for better understanding of the requested feature and will be configurable in the Dashboard)
gardener/dashboard#689
UPDATE: see #2306 (comment) for latest proposal
The selected options should be added to the shoot spec as follows:

```yaml
kind: Shoot
apiVersion: core.gardener.cloud/v1beta1
metadata:
  namespace: garden-bar
  name: foo
spec:
  accessRestrictions:
    eu-access-standard:
    - eu-access-24-7-node
    foo: []
```
In addition, the region of the CloudProfile has to be extended with an accessRestrictions field. This way we can validate the shoot resource and only allow the change if the region has a corresponding accessRestrictions field in the CloudProfile. On the UI the checkboxes would only appear for the respective regions.
```yaml
apiVersion: core.gardener.cloud/v1beta1
kind: CloudProfile
name: aws
regions:
- name: ca-central-1
  zones:
  - name: ca-central-1a
  - name: ca-central-1b
- name: eu-central-1
  accessRestrictions:
  - eu-access-standard
  - foo
  zones:
  - name: eu-central-1a
  - name: eu-central-1b
  - name: eu-central-1c
- name: eu-north-1
  accessRestrictions:
  - eu-access-standard
  zones:
  - name: eu-north-1a
  - name: eu-north-1b
  - name: eu-north-1c
```
As described above, the shoot validation needs to be extended so that, in case an accessRestriction is set, it ensures that the selected region has a corresponding accessRestrictions field in the corresponding CloudProfile.
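The validation rule proposed above, written out as an added example that is not part of the Gardener code base: the `Region` struct and `ValidateAccessRestrictions` function are hypothetical stand-ins for the CloudProfile region type and the shoot admission check, and the error message wording is an assumption.

```go
package main

import (
	"fmt"
	"sort"
)

// Region is a hypothetical stand-in for the proposed CloudProfile region
// entry with its accessRestrictions list (not Gardener's real API type).
type Region struct {
	Name               string
	AccessRestrictions []string
}

// ValidateAccessRestrictions checks that every accessRestrictions key in the
// shoot spec is offered by the selected region in the CloudProfile. It returns
// one message per violation (sorted by key) and nil when the shoot is valid.
func ValidateAccessRestrictions(region string, profile []Region, shoot map[string][]string) []string {
	if len(shoot) == 0 {
		return nil // nothing selected, nothing to validate
	}
	allowed, found := map[string]bool{}, false
	for _, r := range profile {
		if r.Name != region {
			continue
		}
		found = true
		for _, ar := range r.AccessRestrictions {
			allowed[ar] = true
		}
	}
	if !found {
		return []string{fmt.Sprintf("region %q is not defined in the CloudProfile", region)}
	}
	keys := make([]string, 0, len(shoot))
	for k := range shoot {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic error order for users and tests
	var errs []string
	for _, k := range keys {
		if !allowed[k] {
			errs = append(errs, fmt.Sprintf("access restriction %q is not available in region %q", k, region))
		}
	}
	return errs
}
```

With the CloudProfile and Shoot from this issue, the shoot is accepted in `eu-central-1`, rejected in `eu-north-1` because `foo` is not offered there, and rejected in `ca-central-1` for both keys.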
Why is this needed:
In order to fulfil GDPR requirements, shoot owners should have the possibility to restrict access to their shoots in order to protect personal data.