Switch to OIDC Federation Service instead of GitHub App (#51)

<!-- markdownlint-disable MD041 -->
#### What this PR does / why we need it
Currently, the [Gardener GitHub-Actions
App](https://github.com/apps/gardener-github-actions) is used to provide
more privileged access than available via the default `GITHUB_TOKEN`,
for example to circumvent branch protection rules (GitHub Apps can be
configured as bypassers) or cross repository privileges. To prevent
sharing the GitHub App secret with each and every repository/workflow
which requires usage of it, the [GitHub OIDC Federation
Service](https://github.com/gardener/github-oidc-federation) has been
developed. In essence, it holds the credentials for a central GitHub App
and creates short-lived access tokens with a configured scope based on a
centrally configured OIDC configuration. See related changes which have
been necessary for this repository:

- open-component-model/.github-oidc#1

#### Which issue(s) this PR fixes
<!--
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->

Signed-off-by: Jonas Brand (8R0WNI3) <j.brand@sap.com>
Co-authored-by: Fabian Burth <fabian.burth@sap.com>

Author: 8R0WNI3

.github/workflows/build.yaml

@@ -15,7 +15,7 @@ jobs:
   prepare:
     uses: gardener/cc-utils/.github/workflows/prepare.yaml@master
     permissions:
-      contents: read
+      id-token: write
     with:
       mode: ${{ inputs.mode }}
 

.github/workflows/non-release.yaml

@@ -6,7 +6,6 @@ on:
 jobs:
   build:
     uses: ./.github/workflows/build.yaml
-    secrets: inherit
     permissions:
       contents: read
       packages: write
@@ -18,7 +17,6 @@ jobs:
     uses: gardener/cc-utils/.github/workflows/post-build.yaml@master
     needs:
       - build
-    secrets: inherit
     permissions:
       contents: write
       id-token: write

.github/workflows/release.yaml

@@ -11,7 +11,6 @@ on:
 jobs:
   build:
     uses: ./.github/workflows/build.yaml
-    secrets: inherit
     permissions:
       contents: read
       packages: write
@@ -23,7 +22,6 @@ jobs:
     uses: gardener/cc-utils/.github/workflows/release.yaml@master
     needs:
       - build
-    secrets: inherit
     permissions:
       contents: write
       packages: write