CI: remove unused worklow; use GITHUB_TOKEN where possible (#104657)

* remove unused worklow; use GITHUB_TOKEN where possible

* pin usages of checkout and setup-go

* Fix zizmor errors

* add zizmor.yml

* fix `changelog.yml`

* fix `core-plugins-build-and-release.yml`

* fix `release-comms.yml`

* update release-pr.yml and run-e2e-suite.yml

* Fix errors in files outside of .github/workflows

* Remove path filter on zizmor.yml

---------

Co-authored-by: Sven Grossmann <svennergr@gmail.com>
Co-authored-by: joshhunt <josh.hunt@grafana.com>

.github/workflows/create-security-patch-from-security-mirror.yml

@@ -17,7 +17,7 @@ on:
 jobs:
   trigger_downstream_create_security_patch:
     concurrency: create-patch-${{ github.ref_name }}
-    uses: grafana/security-patch-actions/.github/workflows/create-patch.yml@main
+    uses: grafana/security-patch-actions/.github/workflows/create-patch.yml@main # zizmor: ignore[unpinned-uses]
     if: github.repository == 'grafana/grafana-security-mirror'
     with:
       repo: "${{ github.repository }}"
@@ -25,5 +25,4 @@ jobs:
       patch_ref: "${{ github.base_ref }}" # this is the target branch name, Ex: "main"
       patch_repo: "grafana/grafana-security-patches"
       patch_prefix: "${{ github.event.pull_request.number }}"
-    secrets: inherit
-
+    secrets: inherit # zizmor: ignore[secrets-inherit]