Enable fine-grained access token for kyma-incubator organization

[ognyvrac]

Requested change Enable fine-grained personal access token on the https://github.com/kyma-incubator organisation. This would be very helpful towards CMP(UCL)'s migration away from Prow as quickly as possible.

These tokens can be protected by an approval policy to avoid abuse. Our main use case would be to manipulate labels on PR requests - this will be deprecated in the following month and this option can be removed.

Reason

Part of the CI infrastructure for the https://github.com/kyma-incubator/compass is being moved to an internal GitHub. However, some of the flows(image build, linting and unit testing) would still be executed in the open source repo.

In order to synchronize the workflow between both repositories, scripts have been written that require the ability to add/remove labels on PR. This requires the fine-grained token that needs to be enabled on organization level.

This would greatly decrease the time needed to migrate fully away from Prow and kyma-incubator.

Impact

Impact should be minimal as these tokens can be created based on an approval process. Furthermore, the tokens would only require write permissions for issues and PRs (only for compass), nothing destructive.

[dekiel]

The kyma-incubator organisation ownership will be transferred to compass team. The change can be done by new owners then. This will not be changed by neighbors team. The issue stay open to represent building knowledge about fine grained tokens.

[dekiel]

The fine grained access tokens are still in Beta and has some limitations on defining access for user who are not part of accessed repository or organisation. Once fine grained tokens will be out of Beta phase we should consider restricting access to fine grained tokens only.