CI: Automating workflow execution for internal contributors onlyy

[Muhamed-Husic]

Motivation

The goal of this PR is to make sure untrusted fork contributors can't run performance pipeline without explicit maintainer approval, while trusted contributors (members, collaborators and same repo PRs) run it automatically.

Technical Details

Same repo PRs and trusted contributors now run this workflow automatically without needing ok-to-test label, while untrusted fork contributors still require maintainer approval via ok-to-test label before anything runs. Also added new job to display message to external contributors, add label external-contributor to their PR, and also remove ok-to-test label in cases where maintainer approves a fork PR by adding the label, but the contributor then pushes new (potentially malicious) commit before the tests finish. Without this those new unreviewed commits would run through the pipeline under the cover of previous approval.

Changelog Category

Add a CHANGELOG.md entry for any option other than Not Applicable

• • Added: New functionality.
• • Changed: Changes to existing functionality.
• • Removed: Functionality or support that has been removed. (Compared to a previous release)
• • Optimized: Component performance that has been optimized or improved.
• • Resolved Issues: Known issues from a previous version that have been resolved.
• • Not Applicable: This PR is not to be included in the changelog.