@arcanis arcanis commented Mar 3, 2022

What's the problem this PR addresses?

Smart merge currently requires going into the Actions tab and picking the right action with the right parameters. Additionally it's not great in terms of security since the running code has access to the yarnbot token. Even with manual trigger, there's a decent chance someone could social-engineer us into running it on a malicious PR.

How did you fix it?

  • The action is now triggered by adding the infra: pending update label to a PR
  • Immediately, a privileged pull_request_target action will trigger and remove the label
  • In parallel, an unprivileged pull_request trigger will generate a patchfile and store it as an artifact
  • Once finished, a privileged workflow_run workflow will retrieve the patchfile and create the commit

Checklist

  • I have set the packages that need to be released for my changes to be effective.
  • I will check that all automated PR checks pass before the PR gets reviewed.
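The three-workflow split described in the PR, written out as an added example that is not the repository's actual workflow files. The workflow names, the `scripts/make-patch.sh` script, the artifact name and the bot identity are assumptions; the label name `infra: pending update` is the one from the PR. Only someone with triage rights on the repository can add the label, so the label itself is the authorization step, and the privileged workflows never check out or execute the PR's code.

```yaml
# smart-merge-ack.yml: privileged write token, but never checks out or runs PR code
name: smart-merge-ack
on: { pull_request_target: { types: [labeled] } }
jobs:
  ack:
    if: github.event.label.name == 'infra: pending update'
    runs-on: ubuntu-latest
    permissions: { pull-requests: write }
    steps:
      # Remove the label at once so the same request cannot be replayed later.
      - uses: actions/github-script@v6
        with:
          script: |
            await github.rest.issues.removeLabel({ ...context.repo,
              issue_number: context.payload.pull_request.number, name: 'infra: pending update' });
---
# smart-merge-build.yml: unprivileged; fork PRs get a read-only GITHUB_TOKEN and no secrets here
name: smart-merge-build
on: { pull_request: { types: [labeled] } }
jobs:
  build:
    if: github.event.label.name == 'infra: pending update'
    runs-on: ubuntu-latest
    permissions: { contents: read }
    steps:
      - uses: actions/checkout@v3   # PR merge commit: untrusted code runs here, without privileges
      - run: ./scripts/make-patch.sh > smart-merge.patch   # assumed script that writes the patchfile
      - uses: actions/upload-artifact@v3
        with: { name: smart-merge-patch, path: smart-merge.patch }
---
# smart-merge-apply.yml: privileged, but it consumes the artifact as data only
name: smart-merge-apply
on: { workflow_run: { workflows: [smart-merge-build], types: [completed] } }
jobs:
  apply:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    permissions: { contents: write }
    steps:
      - uses: actions/checkout@v3   # base repository code; the PR's own code is never executed
      - uses: actions/download-artifact@v4
        with:
          name: smart-merge-patch
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      # The patchfile is untrusted input: apply it with git, never source or execute it.
      - run: |
          git apply --check smart-merge.patch && git apply smart-merge.patch
          git -c user.name=yarnbot -c user.email=bot@example.invalid commit -am "Apply smart merge"
```

The `pull_request` and `pull_request_target` jobs run in parallel, as the PR describes; the `workflow_run` job only starts after the unprivileged build finished, and where it pushes the resulting commit is left out here because that depends on the repository's branch setup.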

@arcanis arcanis merged commit 920ef4f into master Mar 3, 2022
@arcanis arcanis deleted the mael/smart-merge-v2 branch March 3, 2022 12:39
arcanis added a commit that referenced this pull request Mar 7, 2022
trivikr pushed a commit to trivikr/berry that referenced this pull request Mar 9, 2022
merceyz pushed a commit that referenced this pull request Oct 22, 2023
(cherry picked from commit c225c1f)