chore(deps): Bump the crazy-max-dot-github group with 2 updates

Bumps the crazy-max-dot-github group with 2 updates: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/9ba6e6f9450baf3b1237f8035c1fdc45932510bd...716fd1c51a46c5d93a41d44a94b439c9ee802536)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/9ba6e6f9450baf3b1237f8035c1fdc45932510bd...716fd1c51a46c5d93a41d44a94b439c9ee802536)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/.e2e-run.yml

@@ -1,9 +1,6 @@
 # reusable workflow
 name: .e2e-run
 
-permissions:
-  contents: read
-
 on:
   workflow_call:
     inputs:
@@ -117,8 +114,8 @@ jobs:
         uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
         with:
           registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
-          username: ${{ env.REGISTRY_USER || secrets.registry_username }}
+          username: ${{ env.REGISTRY_USER || secrets.registry_username || (inputs.registry == 'ghcr.io' && github.actor) || '' }}
-          password: ${{ env.REGISTRY_PASSWORD || secrets.registry_password }}
+          password: ${{ env.REGISTRY_PASSWORD || secrets.registry_password || (inputs.registry == 'ghcr.io' && secrets.GITHUB_TOKEN) || '' }}
           scope: ${{ inputs.type == 'remote' && inputs.registry == '' && '@push' || '' }}
       -
         name: Build and push

.github/workflows/e2e.yml

@@ -20,6 +20,9 @@ on:
 jobs:
   build:
     uses: ./.github/workflows/.e2e-run.yml
+    permissions:
+      contents: read
+      packages: write # to push image to GHCR
     strategy:
       fail-fast: false
       matrix:
@@ -38,7 +41,7 @@ jobs:
           -
             name: GitHub
             registry: ghcr.io
-            slug: ghcr.io/docker-ghactiontest/test
+            slug: ghcr.io/docker/build-push-action-test
             auth: ghcr
             type: remote
           -
@@ -100,11 +103,11 @@ jobs:
       registry: ${{ matrix.registry }}
       slug: ${{ matrix.slug }}
     secrets:
-      # Pass only the two secrets needed by each matrix entry.
+      # Pass only the registry-specific secrets needed by each matrix entry.
+      # GHCR uses the called workflow's GITHUB_TOKEN fallback.
       registry_username: >-
         ${{
           matrix.auth == 'dockerhub' && secrets.DOCKERHUB_USERNAME ||
-          matrix.auth == 'ghcr' && secrets.GHCR_USERNAME ||
           matrix.auth == 'gitlab' && secrets.GITLAB_USERNAME ||
           matrix.auth == 'aws' && secrets.AWS_ACCESS_KEY_ID ||
           matrix.auth == 'gar' && secrets.GAR_USERNAME ||
@@ -116,7 +119,6 @@ jobs:
       registry_password: >-
         ${{
           matrix.auth == 'dockerhub' && secrets.DOCKERHUB_TOKEN ||
-          matrix.auth == 'ghcr' && secrets.GHCR_PAT ||
           matrix.auth == 'gitlab' && secrets.GITLAB_TOKEN ||
           matrix.auth == 'aws' && secrets.AWS_SECRET_ACCESS_KEY ||
           matrix.auth == 'gar' && secrets.GAR_JSON_KEY ||

.github/workflows/pr-assign-author.yml

@@ -11,7 +11,7 @@ on:
 
 jobs:
   run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
     permissions:
       contents: read
       pull-requests: write

.github/workflows/zizmor.yml

@@ -19,7 +19,7 @@ on:
 
 jobs:
   zizmor:
-    uses: crazy-max/.github/.github/workflows/zizmor.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
+    uses: crazy-max/.github/.github/workflows/zizmor.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
     permissions:
       contents: read
       security-events: write

.github/zizmor.yml

@@ -0,0 +1,6 @@
+rules:
+  # rule does not apply to reusable worfklows where permissions are defined by
+  # the caller workflow and not the reusable workflow itself
+  excessive-permissions:
+    ignore:
+      - .e2e-run.yml