Description
Third-party actions and their versions that are allowed to be used in Kyma organisation repositories are stored in docs/contributing/assets/allowed_actions.json. This list is often outdated, making the process of staying up to date with the actions' releases problematic.
This issue proposes a solution of having an automation that would create a PR updating this list, which could later be approved by the Kyma Security team (Dependabot-like).
@TorstenD-SAP and I met to discuss this issue and we have the following:
- Merging the PR should trigger a workflow that executes a script adding the allowed GH Actions.
- The above workflow should notify on failure.
- An idea to improve PR review would be to investigate whether auto-approval is possible when only a GH Action is updated to a newer version. Full approval would only be needed if a completely new GH Action is added. Depending on the outcome, restructuring might be necessary.
- In the case of automatic approval, the script should be capable of checking whether the GH Action version is submitted in the proper format and whether other things are submitted in a "compliant" way (e.g. a security review was performed).
Another comment on my side: any validations should be done on the PR. If that fails, the merge should be blocked. main should always be in a clean state and the automation is only propagating this configuration.
That kind of validation should be in place even if we do not have auto-approval.
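The PR-side gate and the "version bump vs. new action" distinction discussed above, as an added example; this is not code from the Kyma project or from anyone in this thread. It assumes a constructed allowlist schema (an object mapping "owner/repo" to a list of allowed versions), since the real layout of allowed_actions.json is not shown here, and treats a semver-like tag or a full 40-hex commit SHA as the "proper format" for a version.

```python
import json
import re

# Assumed schema (not the project's real one): {"owner/repo": ["v1", "<sha>"]}.
ACTION_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$")
# Accept a tag like v4 / v4.1.2 or a full commit SHA; reject "main", "latest" etc.
VERSION_RE = re.compile(r"^(v\d+(\.\d+){0,2}|[0-9a-f]{40})$")

# Constructed sample allowlists standing in for the before/after state of a PR.
OLD_JSON = '{"actions/checkout": ["v3"], "actions/setup-go": ["v4"]}'
NEW_JSON = '{"actions/checkout": ["v3", "v4"], "actions/setup-go": ["v4"]}'


def validate_allowlist(doc):
    """Return a list of validation errors; an empty list means the file is clean."""
    errors = []
    if not isinstance(doc, dict):
        return ["top-level value must be an object"]
    for action, versions in doc.items():
        if not ACTION_RE.match(action):
            errors.append(f"bad action name: {action!r}")
        if not isinstance(versions, list) or not versions:
            errors.append(f"{action}: versions must be a non-empty list")
            continue
        for v in versions:
            if not isinstance(v, str) or not VERSION_RE.match(v):
                errors.append(f"{action}: bad version {v!r}")
    return errors


def classify_change(old, new):
    """'new-action' needs a full security review; 'version-bump' only touches
    versions of already-allowed actions (the auto-approval candidate)."""
    if old == new:
        return "no-change"
    if set(new) - set(old):
        return "new-action"
    if set(new) == set(old):
        return "version-bump"
    return "removal"


def check_pr(old_json, new_json):
    """PR gate: any validation error blocks the merge, so main stays clean."""
    new = json.loads(new_json)
    errors = validate_allowlist(new)
    if errors:
        return {"mergeable": False, "errors": errors, "change": None}
    change = classify_change(json.loads(old_json), new)
    return {"mergeable": True, "errors": [], "change": change}
```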
Reasons
Being up-to-date with actions.