[New Feature]: Make non-mods able to use "@wingetbot run" as well.

[DandelionSprout]

Description of the new feature/enhancement

Considering how massive the problem with Installer-Error-Dynamic-Scan has got by now (See https://github.com/microsoft/winget-pkgs/pulls?q=is%3Apr+is%3Aopen+label%3AInternal-Error-Dynamic-Scan and #317960), making non-mods able to run @wingetbot run without the bot claiming non-mods don't have sufficient permissions, would've been one of several ways to alleviate the problem slightly.

Proposed technical implementation details (optional)

Make it so that Wingetbot no longer requires any permissions in order to use @wingetbot run.

[mdanish-kh]

For a workaround, you can try closing & re-opening the PR which should have the same effect

[Dragon1573]

Make it so that WinGet Bot no longer requires any permissions in order to use @wingetbot run.

I think this might be dangerous. DO NOT TRUST ANYBODY.

If no permissions is required. Will there be a spamming account frequently invoking @wingetbot run to trigger HUGE amounts of runs as DoS? This repository is already suffering high API call rate (I see Internal-Error-Dynamic-Scan so many times). I can't sure if there're evil spamming account waiting for this chance.

[DandelionSprout]

• "For a workaround, you can try closing & re-opening the PR which should have the same effect"

I've been hoping to be able to use "run" on other users' PRs as well. 😅

• "I think this might be dangerous. DO NOT TRUST ANYBODY. (…)"

Maybe limit it to users with Contributor status then, I guess?

[Dragon1573]

Maybe limit it to users with Contributor status then, I guess?

I think this might be acceptable. Similar to the GitHub built-in "limit interactions" feature to prevent newly created and malicious account.