Relax PR approval requirement for previous collaborators

[cpu]

An idea from djc in discord:

In fact it would be nice if we can relax it even more, like allow the bot to run if we previously merged a PR from the same author

This will probably be a little bit trickier than #32 - I'm not sure if GitHub exposes this state through the API. Some research will be required.

[aochagavia]

There seems to be an association for this too:

CONTRIBUTOR

Author has previously committed to the repository.

From the GraphQL API docs.

The docs don't explicitly mention whether the "CONTRIBUTOR" association is available to PRs (the docs talk about comments), but I'd expect it to, because it's used by GitHub Actions itself (i.e. the default is to require approval for first-time contributors, but not for someone who successfully contributed in the past).

[cpu]

Djc had this suggestion:

Was thinking you could just run a PR search with is:merged and author facets and check if you get at least one result

Thinking about this more it feels like it could be more trouble than its worth. We don't get that many repeat contributions. When we do, it's not that onerous to either approve the PR or leave the magic comment to provoke the bot.

Implementing this will be a decent chunk of work, and as Ctz pointed out, it's not very hard to get a small PR accepted and then use that increased level of trust to have a malicious branch run on the benchmarking server. Solving that will be a big job and I don't think the level of friction experienced with the current setup motivates doing it.