cncf-tags / green-reviews-tooling

Project repository for the WG Green Reviews, which is part of the CNCF TAG Environmental Sustainability.
https://github.com/cncf/tag-env-sustainability/tree/main/working-groups/green-reviews
Apache License 2.0

feat: Add GitHub Actions self hosted runner #63

Closed rossf7 closed 4 months ago

rossf7 commented 4 months ago

What type of PR is this?

kind/feature

What this PR does / why we need it:

Installs GitHub Actions Runner Controller (https://github.com/actions/actions-runner-controller) with a self-hosted runner called green-reviews-runner for us to test with.

Also configures SOPS to encrypt the k8s secret green-reviews-pat that stores the GitHub PAT needed by ARC to access the GitHub API.

For SOPS the GPG key used is stored in a secret in the flux-system namespace. For now I created this manually but later we should add this step to the tofu automation.

Which issue(s) this PR fixes:

Towards https://github.com/cncf-tags/green-reviews-tooling/issues/58

Special notes for your reviewer (optional):

This adds a new namespace called greenreviews for the runner scale set and the pods it creates.

My thinking is we will configure another runner scale set in the falco namespace for the Falco team but with the pods running on our internal node.

This is totally up for discussion! So if you think there is a better design please suggest it.
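Added illustration of how the pieces named in the description fit together (not code from the PR or the project): a SOPS creation rule that encrypts only the Secret's data fields, the `green-reviews-pat` Secret before encryption, and a Flux Kustomization that decrypts it with the GPG key held in `flux-system`. The namespace `greenreviews` and the secret name `green-reviews-pat` come from the PR; the `sops-gpg` secret name and its `sops.asc` key, the `github_token` data key, the file paths and the fingerprint/token values are assumptions or placeholders.

```yaml
# .sops.yaml -- encrypt only data/stringData so metadata stays readable and
# Flux can still match the resource. Fingerprint is a placeholder.
creation_rules:
  - path_regex: clusters/.*/green-reviews-pat\.yaml$
    encrypted_regex: ^(data|stringData)$
    pgp: "<GPG_FINGERPRINT_PLACEHOLDER>"
---
# clusters/<cluster>/green-reviews-pat.yaml, shown BEFORE encryption.
# Encrypt in place before committing:
#   sops --encrypt --in-place clusters/<cluster>/green-reviews-pat.yaml
# Afterwards the token is replaced by an ENC[...] value and a `sops:`
# section is appended; only the encrypted form belongs in git.
apiVersion: v1
kind: Secret
metadata:
  name: green-reviews-pat
  namespace: greenreviews
type: Opaque
stringData:
  github_token: "<PAT_PLACEHOLDER>"   # assumed key name read by the runner scale set for PAT auth
---
# Flux Kustomization reconciling the runner manifests and decrypting the Secret.
# Assumption: the GPG private key was stored as Secret sops-gpg (key sops.asc)
# in flux-system, which the PR says was created manually for now.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: green-reviews-runner
  namespace: flux-system
spec:
  interval: 10m
  path: ./clusters/<cluster>
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  decryption:
    provider: sops
    secretRef:
      name: sops-gpg
```

A quick check after encrypting: `grep -c ENC\\[ clusters/<cluster>/green-reviews-pat.yaml` should be non-zero and the plaintext PAT must not appear anywhere in the committed file.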

rossf7 commented 4 months ago

Took a quick look. Have some questions about the PR. Also asked in Slack why we need a self-hosted GitHub Actions runner (and if there is not a simpler way).

@leonardpahlke I've set this back to draft while we discuss self-hosted runners. I think there are some benefits over regular runners for our use case.

Like we discussed we'll use the docs PR @nikimanoledaki is working on to do that.

rossf7 commented 4 months ago

We're going to start with GitHub public runners since the cluster k8s API is public and to have less to maintain.

We can come back to this later if we need self-hosted runners or encrypting secrets for Flux with SOPS.