chore: restrict slash commands to users with write access

Restrict the `check-files`, `update-copyright-years`, `lint-autofix`,
`merge`, and `rebase` slash commands so they only run when triggered by
a user whose comment author association is `OWNER`, `MEMBER`, or
`COLLABORATOR`.

---
type: pre_commit_static_analysis_report
description: Results of running static analysis checks when committing changes.
report:
  - task: lint_filenames
    status: passed
  - task: lint_editorconfig
    status: passed
  - task: lint_markdown
    status: na
  - task: lint_package_json
    status: na
  - task: lint_repl_help
    status: na
  - task: lint_javascript_src
    status: na
  - task: lint_javascript_cli
    status: na
  - task: lint_javascript_examples
    status: na
  - task: lint_javascript_tests
    status: na
  - task: lint_javascript_benchmarks
    status: na
  - task: lint_python
    status: na
  - task: lint_r
    status: na
  - task: lint_c_src
    status: na
  - task: lint_c_examples
    status: na
  - task: lint_c_benchmarks
    status: na
  - task: lint_c_tests_fixtures
    status: na
  - task: lint_shell
    status: na
  - task: lint_typescript_declarations
    status: passed
  - task: lint_typescript_tests
    status: na
  - task: lint_license_headers
    status: passed
---

Author: Planeshifter

.github/workflows/slash_commands.yml

@@ -97,7 +97,10 @@ jobs:
     needs: [ add_initial_reaction ]
 
     # Define the conditions under which the job should run:
-    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/stdlib check-files')
+    if: |
+      github.event.issue.pull_request &&
+      startsWith(github.event.comment.body, '/stdlib check-files') &&
+      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
 
     # Run reusable workflow:
     uses: ./.github/workflows/check_required_files.yml
@@ -132,7 +135,10 @@ jobs:
     name: 'Update copyright header years'
 
     # Define the conditions under which the job should run:
-    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/stdlib update-copyright-years')
+    if: |
+      github.event.issue.pull_request &&
+      startsWith(github.event.comment.body, '/stdlib update-copyright-years') &&
+      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
 
     # Run reusable workflow:
     uses: ./.github/workflows/update_pr_copyright_years.yml
@@ -153,7 +159,10 @@ jobs:
     needs: [ add_initial_reaction ]
 
     # Define the conditions under which the job should run:
-    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/stdlib lint-autofix')
+    if: |
+      github.event.issue.pull_request &&
+      startsWith(github.event.comment.body, '/stdlib lint-autofix') &&
+      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
 
     # Run reusable workflow:
     uses: ./.github/workflows/lint_autofix.yml
@@ -174,7 +183,10 @@ jobs:
     needs: [ add_initial_reaction ]
 
     # Define the conditions under which the job should run:
-    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/stdlib merge')
+    if: |
+      github.event.issue.pull_request &&
+      startsWith(github.event.comment.body, '/stdlib merge') &&
+      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
 
     # Run reusable workflow:
     uses: ./.github/workflows/pr_merge_develop.yml
@@ -195,7 +207,10 @@ jobs:
     needs: [ add_initial_reaction ]
 
     # Define the conditions under which the job should run:
-    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/stdlib rebase')
+    if: |
+      github.event.issue.pull_request &&
+      startsWith(github.event.comment.body, '/stdlib rebase') &&
+      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
 
     # Run reusable workflow:
     uses: ./.github/workflows/pr_rebase_develop.yml