Add claude allowlist check in workflow for issue and PR events (#739)

Doesnt include myself to test if it works :D

Author: SoWieMarkus

.github/claude-allowed-users

@@ -0,0 +1,7 @@
+auhlig
+umswmayj
+juliusclausnitzer
+mblos
+PhilippMatthes
+Varsius
+henrichter

.github/workflows/claude-on-issues-and-prs.yaml

@@ -11,8 +11,29 @@ on:
     types: [submitted]
 
 jobs:
+  check-allowlist:
+    runs-on: ubuntu-latest
+    outputs:
+      allowed: ${{ steps.check.outputs.allowed }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Check sender against allowlist
+        id: check
+        run: |
+          if grep -qxF "${{ github.event.sender.login }}" \
+            <(grep -v '^#' .github/claude-allowed-users | sed '/^[[:space:]]*$/d'); then
+            echo "allowed=true" >> $GITHUB_OUTPUT
+          else
+            echo "allowed=false" >> $GITHUB_OUTPUT
+          fi
+
   claude:
-    if: github.event.sender.type == 'User'
+    needs: check-allowlist
+    if: >
+      github.event.sender.type == 'User' &&
+      needs.check-allowlist.outputs.allowed == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: write