Support app-based authentication with JWT and install-tokens

[davidkarlsen]

Add support for several auth mechs (to avoid simple static tokens), which can be handled by https://github.com/palantir/go-githubapp.

relevant requested feature in the runner api: actions/runner#752

The goal is to avoid use of PAT both for the controller and the pods.
Keep CRD as today, but create registration tokens and put them in the referenced secret, check if they can be re-used or not. Annotate the secret with the expiry.

Add a finalizer to the pod, this can be called in order to unregister the runner which avoids actions/runner#752