As discussed in the parent RFC, we want to get rid of the /rpc code in the mediawiki-config that's currently responsible for the job execution, and introduce a rest endpoint instead.
The endpoint will be protected against random job submissions by verifying the event signature, signed with mediawiki private key, like Special:RunSingleJob does. Also, since we currently don't maintain any kind of an automatic listing of REST endpoints in core, this essentially will be an internal endpoint.
However, to protect even more, it would be good to only enable it on jobrunner and videoscaler clusters and not on public-facing web or api clusters. We can control introduce a global configuration variable to selectively enable/disable the endpoint.