microsoft / GHAzDO-Resources

Resources, Scripts, etc. for GitHub Advanced Security on Azure DevOps
MIT License

Use a build service instead of a PAT for pr gating #39

Open tjcorr opened 4 months ago

tjcorr commented 4 months ago

This pull request mainly focuses on the changes in the src/pr-gating/CIVerify.yml and src/pr-gating/Setup.md files. The changes aim to improve security by replacing the Personal Access Token (PAT) with a system access token in the CIVerify.yml file and removing the steps for generating a new PAT in the Setup.md file. The changes also include adding instructions for granting permissions to the pipeline.
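For readers who want to see what the swap looks like in pipeline YAML, here is an added illustration of the two authentication styles side by side. It is not the repository's CIVerify.yml; the step names, the secret variable name GHAZDO_PAT, and the REST endpoint queried are assumptions chosen for this snippet. System.AccessToken, System.TeamFoundationCollectionUri and System.TeamProject are Azure Pipelines predefined variables.

```yaml
# Added illustration (not the project's CIVerify.yml): the same REST call
# authenticated with a PAT and then with the job's System.AccessToken.
# Step names, the GHAZDO_PAT variable and the endpoint are assumptions.

# BEFORE: a Personal Access Token stored as a secret pipeline variable.
# It has to be created, scoped, stored and rotated by hand, and it expires.
- script: |
    # PATs use HTTP Basic auth with an empty user name.
    curl -sf -u ":$PAT" \
      "$(System.TeamFoundationCollectionUri)$(System.TeamProject)/_apis/build/builds?api-version=7.1" \
      -o builds.json
  displayName: Query Azure DevOps with a PAT (before)
  env:
    PAT: $(GHAZDO_PAT)   # secret variable; hypothetical name

# AFTER: the job's own System.AccessToken, minted per run and scoped to the job.
# Nothing to store or rotate; rights are granted to the build service identity.
- script: |
    # System.AccessToken is a bearer token, not a PAT.
    curl -sf -H "Authorization: Bearer $SYSTEM_ACCESSTOKEN" \
      "$(System.TeamFoundationCollectionUri)$(System.TeamProject)/_apis/build/builds?api-version=7.1" \
      -o builds.json
  displayName: Query Azure DevOps with System.AccessToken (after)
  env:
    # The token is only visible to scripts when mapped explicitly.
    SYSTEM_ACCESSTOKEN: $(System.AccessToken)
```

With the second form, authorization is decided by what the build service identity (shown in Azure DevOps as "<Project> Build Service (<Organization>)") is permitted to do, so that identity must be granted the specific permission the check needs rather than the call being authorized by whoever created a PAT. Keeping the project setting that limits job authorization scope to the current project enabled keeps that identity's reach as narrow as the token's.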

felickz commented 4 months ago

Is it worth documenting both approaches, or are you convinced the PAT should be end of life :) Either way, good to merge now!

tjcorr commented 4 months ago

I would argue that using the system token of the build service is strictly better than a PAT. No secret to store, nothing to rotate, etc...

ncouraud commented 4 months ago

Yeah, I think that there are pluses and minuses to both approaches - a PAT allows for custom permissions, but the system.AccessToken has much better maintainability at the expense of broader permissions radius (need to grant rights to the Build Service Acct, etc.)

That said - I think that most folks will understand that you can swap the System.AccessToken for a PAT.