Allow to customize who can do a release

[jonenst]

Describe the current behavior

The workflow doesn't enforce anything about the user doing the workflow dispatch

Describe the expected behavior

we could enforce some things using
$ curl -s -H "Authorization: Bearer XXX" https://api.github.com/repos/OWNER/REPO/collaborators/USER/permission | jq ". | {permission: .permission, role_name: .role_name}"
{
"permission": "admin",
"role_name": "admin"
}

or
{
"permission": "write",
"role_name": "write"
}

Can be one of: pull, triage, push, maintain, admin
https://docs.github.com/en/rest/collaborators/collaborators#get-repository-permissions-for-a-user

Describe the motivation

more control over who releases, not anyone with push access to the repository

Extra Information

No response

[jonenst]

fixed by #25 , only maintainers can release
if more customization is needed (e.g. allow only admins), #37 is already available