[chore][ci]: restrict permissions to /rerun only to PR authors (#45078)

<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

As discussed on the [core
side](open-telemetry/opentelemetry-collector#14314 (comment)),
it is safer to allow only PR authors to use the `/rerun` command.

This does not change the feature, only filters by who can execute it in
each PR.

Signed-off-by: Paulo Dias <[email protected]>

Author: paulojmdias

.github/workflows/rerun-workflows.yml

@@ -21,3 +21,4 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.issue.number }}
           COMMENT: ${{ github.event.comment.body }}
+          SENDER: ${{ github.event.comment.user.login }}

.github/workflows/scripts/rerun-failed-workflows.sh

@@ -6,8 +6,8 @@
 
 set -euo pipefail
 
-if [[ -z "${PR_NUMBER:-}" || -z "${COMMENT:-}" ]]; then
-    echo "PR_NUMBER or COMMENT not set"
+if [[ -z "${PR_NUMBER:-}" || -z "${COMMENT:-}" || -z "${SENDER:-}" ]]; then
+    echo "PR_NUMBER, COMMENT, or SENDER not set"
     exit 0
 fi
 
@@ -16,7 +16,14 @@ if [[ ${COMMENT:0:6} != "/rerun" ]]; then
     exit 0
 fi
 
-HEAD_SHA=$(gh pr view "${PR_NUMBER}" --json headRefOid --jq .headRefOid)
+PR_DATA=$(gh pr view "${PR_NUMBER}" --json headRefOid,author)
+HEAD_SHA=$(echo "${PR_DATA}" | jq -r '.headRefOid')
+PR_AUTHOR=$(echo "${PR_DATA}" | jq -r '.author.login')
+
+if [[ "${SENDER}" != "${PR_AUTHOR}" ]]; then
+    echo "Only PR author can rerun workflows"
+    exit 0
+fi
 
 echo "Finding failed workflows for commit: ${HEAD_SHA}"