feat(webhook)!: support build approval based on repository settings

[ecrupper]

This is the server-side implementation for approving builds, specifically from fork repos during PR builds.

A couple small refactors that made this possible:

• PublishToQueue now takes the route as a parameter rather than determining it. This was done in order to avoid unmarshaling the pipeline object when approved. We're able to do this by preemptively setting the build.Host to the specified route rather than waiting for a worker to pick it up.
• RepoAccess accepts a user name rather than an entire user object since that's all we need + adds ability to check for access of sender without creating a fake user object and populating the name
• executors.Establish() has an additional check on build status since host is now being set as the route while the build is pending / pending approval.

The main idea of the implementation is to separate the publishing of the build executable from the publishing to the queue. If the build is clear to run, the PostWebhook handler will take care of both. However, if it is not clear to run, then the new ApproveBuild handler will handle queue publishing while the PostWebhook handler just generates and publishes the executable.

Lastly, the status report to the SCM for builds pending approval has been adjusted to describe the situation, making the experience more understandable for users having their builds gated.

[codecov]

Codecov Report

Merging #1016 (cbef404) into main (5e1a7d3) will decrease coverage by 0.48%.
The diff coverage is 5.92%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1016      +/-   ##
==========================================
- Coverage   68.36%   67.89%   -0.48%     
==========================================
  Files         317      318       +1     
  Lines       13641    13738      +97     
==========================================
+ Hits         9326     9327       +1     
- Misses       3848     3944      +96     
  Partials      467      467              

Files	Coverage Δ
scm/github/webhook.go	85.60% <100.00%> (+0.03%)	⬆️
api/build/get_id.go	0.00% <0.00%> (ø)
api/build/publish.go	0.00% <0.00%> (ø)
api/build/cancel.go	0.00% <0.00%> (ø)
scm/github/access.go	82.17% <57.14%> (ø)
scm/github/repo.go	76.56% <0.00%> (-0.54%)	⬇️
router/middleware/executors/executors.go	2.46% <0.00%> (-0.07%)	⬇️
router/middleware/perm/perm.go	59.12% <42.85%> (ø)
api/build/create.go	0.00% <0.00%> (ø)
api/build/executable.go	0.00% <0.00%> (ø)
... and 2 more

[KellyMerrick]

lgtm

[KellyMerrick]

lgtm