chore(ci): workflows no gh secrets

[paul1r]

Update the Loki 2.9 release pipeline to not reference GitHub secrets.

This pulls in #262 and #263

[github-actions]

😢 zizmor failed with exit code 14.

Expand for full output

error[dangerous-triggers]: use of fundamentally insecure workflow trigger
 --> ./.github/workflows/backport.yml:2:1
  |
2 | / on:
3 | |   pull_request_target:
4 | |     types:
5 | |       - closed
6 | |       - labeled
  | |_______________^ pull_request_target is almost always used insecurely
  |
  = note: audit confidence → Medium

error[unpinned-uses]: unpinned action reference
  --> ./.github/workflows/pr.yml:75:9
   |
75 |       - uses: kobtea/setup-jsonnet-action@v1
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ action is not pinned to a hash (required by blanket policy)
   |
   = note: audit confidence → High

error[unpinned-uses]: unpinned action reference
   --> ./.github/workflows/pr.yml:116:9
    |
116 |       - uses: amannn/action-semantic-pull-request@v5
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ action is not pinned to a hash (required by blanket policy)
    |
    = note: audit confidence → High

17 findings (13 ignored, 1 suppressed): 0 unknown, 0 informational, 0 low, 0 medium, 3 high