Security considerations for Gitea runners

[framitdavid]

Description

As Gitea Actions (introduced in version 1.19) relies on external "act runners" to execute CI/CD jobs, it's important to consider the security implications of using these runners. Since the runners are deployed independently, there are potential security risks that need to be addressed.

Security Guidelines:

• Trusted Runners: Only use runners that are trusted within the organization or instance. Using untrusted runners could introduce security vulnerabilities.
• Restricted Access: Avoid providing runners to repositories, organizations, or instances that are not trusted, especially for public Gitea instances.