Currently lockable-resources are defined globally by a Jenkins admin with a globally unique name, can be used by any job anywhere, and have global permissions to reserve/unlock, however this does not scale well to large deployments.
Following the examples of credentials and permissions, lockable-resources should be per folder, subject to folder permissions, and unique only within the folder. Only jobs in that folder should be able to use the lockable resource. Only users given permission at the folder level should be able to lock/unlock that specific resource. When that folder is deleted (end of project), those lockable resources should go away.
lockable resources should be per folder, not just global.