chore: consolidate repository permissions through team-based access

[rjan90]

Summary

Closes: FilOzone/filecoin-services#70 Consolidate repository permissions through team-based access.

• Add filoz-fs team push access to filecoin-services-payments and pdp
• Remove individual push permissions for users covered by team membership

filecoin-services-payments
✅ Removed Kubuxu (individual push) → Still has push via filoz-fs team
✅ Removed rvagg (individual push) → Still has push via filoz-fs team

pdp
✅ Removed rvagg (individual push) → Still has push via filoz-fs team

synapse-sdk
✅ Removed timfong888 (individual push) → Still has push via filoz-fs team
✅ Removed TippyFlitsUK (individual push) → Still has push via filoz-fs team

Why do you need this?

Because it simplifies permission management without changing actual access levels.

Reviewer's Checklist

• It is clear where the request is coming from (if unsure, ask)
• All the automated checks passed
• The YAML changes reflect the summary of the request
• The Terraform plan posted as a comment reflects the summary of the request

[github-actions]

The following access changes will be introduced as a result of applying the plan:

Access Changes

User biglep:
  - will gain push permission to filecoin-services-payments
  - will gain push permission to pdp
User jennijuju:
  - will gain push permission to pdp
User momack2:
  - will gain push permission to filecoin-services-payments
  - will gain push permission to pdp
User rjan90:
  - will gain push permission to filecoin-services-payments
  - will gain push permission to pdp
User timfong888:
  - will gain push permission to filecoin-services-payments
  - will gain push permission to pdp
User tippyflitsuk:
  - will gain push permission to filecoin-services-payments
  - will gain push permission to pdp
User zenground0:
  - will gain push permission to pdp

[github-actions]

Before merge, verify that all the following plans are correct. They will be applied as-is after the merge.

Terraform plans

FilOzone

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # github_repository.this["tpm-utils"] will be updated in-place
  ~ resource "github_repository" "this" {
        id                          = "tpm-utils"
        name                        = "tpm-utils"
        # (36 unchanged attributes hidden)

      ~ security_and_analysis {
          ~ secret_scanning {
              ~ status = "disabled" -> "enabled"
            }
          ~ secret_scanning_push_protection {
              ~ status = "disabled" -> "enabled"
            }
        }
    }

  # github_repository_collaborator.this["filecoin-services-payments:kubuxu"] will be destroyed
  # (because key ["filecoin-services-payments:kubuxu"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-services-payments:Kubuxu" -> null
      - permission = "push" -> null
      - repository = "filecoin-services-payments" -> null
      - username   = "Kubuxu" -> null
    }

  # github_repository_collaborator.this["filecoin-services-payments:rvagg"] will be destroyed
  # (because key ["filecoin-services-payments:rvagg"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "filecoin-services-payments:rvagg" -> null
      - permission = "push" -> null
      - repository = "filecoin-services-payments" -> null
      - username   = "rvagg" -> null
    }

  # github_repository_collaborator.this["pdp:rvagg"] will be destroyed
  # (because key ["pdp:rvagg"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id                          = "pdp:rvagg" -> null
      - permission                  = "push" -> null
      - permission_diff_suppression = false -> null
      - repository                  = "pdp" -> null
      - username                    = "rvagg" -> null
    }

  # github_repository_collaborator.this["synapse-sdk:timfong888"] will be destroyed
  # (because key ["synapse-sdk:timfong888"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "synapse-sdk:timfong888" -> null
      - permission = "push" -> null
      - repository = "synapse-sdk" -> null
      - username   = "timfong888" -> null
    }

  # github_repository_collaborator.this["synapse-sdk:tippyflitsuk"] will be destroyed
  # (because key ["synapse-sdk:tippyflitsuk"] is not in for_each map)
  - resource "github_repository_collaborator" "this" {
      - id         = "synapse-sdk:TippyFlitsUK" -> null
      - permission = "push" -> null
      - repository = "synapse-sdk" -> null
      - username   = "TippyFlitsUK" -> null
    }

  # github_team_repository.this["filoz-fs:filecoin-services-payments"] will be created
  + resource "github_team_repository" "this" {
      + etag       = (known after apply)
      + id         = (known after apply)
      + permission = "push"
      + repository = "filecoin-services-payments"
      + team_id    = "13124042"
    }

  # github_team_repository.this["filoz-fs:pdp"] will be created
  + resource "github_team_repository" "this" {
      + etag       = (known after apply)
      + id         = (known after apply)
      + permission = "push"
      + repository = "pdp"
      + team_id    = "13124042"
    }

Plan: 2 to add, 1 to change, 5 to destroy.

[BigLep]

Change intent makes sense. I don't see it in the diff currently though.