Give write access to the crates-io team
Closed this issue · 0 comments
marcoieni commented
Consider giving the crates-io team write access to this action.
The risk is that people with write access can push malicious code to the v1 branch.
It's fine if members who have access to the crates-io database have permission to publish this action, because if their account is compromised we have issues anyway, probably.
Only part of the crates-io team has high privileges (i.e. they can deploy code or have write access to the DB).
Long-term we would like to use https://github.com/features/preview/immutable-actions when it's in public preview.
Discussed in rust-lang/team#1889 (comment)