AVRO-4233: [build] Remove explicit GITHUB_TOKEN #3659

Open
RyanSkraba wants to merge 2 commits into apache:main from RyanSkraba:ryanskraba/AVRO-4233-remove-token

RyanSkraba (Contributor) commented Feb 19, 2026

What is the purpose of the change

Remove explicit tokens from the PR labeler per https://infra.apache.org/github-actions-policy.html

Related PR: apache/iceberg#15335

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

(The next step in resolving AVRO-4233 is to add the CodeQL analysis for GitHub actions.)

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable

github-actions bot added the build label Feb 19, 2026
martin-g removed the build label Mar 3, 2026
github-actions bot added the build label Mar 3, 2026
martin-g closed this Mar 3, 2026
martin-g removed the build label Mar 3, 2026
martin-g reopened this Mar 3, 2026
github-actions bot added the build label Mar 3, 2026

martin-g (Member) commented Mar 3, 2026

The labeler does not work with on>pull_request:

```
The configuration file (path: .github/labeler.yml) was not found locally, fetching via the api
Warning: The action requires write permission to add labels to pull requests. For more information please refer to the action documentation: https://github.com/actions/labeler#recommended-permissions
Error: Resource not accessible by integration
```

https://github.com/actions/labeler#recommended-permissions says:

> However, when the action runs on a pull request from a forked repository, GitHub only grants read access tokens for pull_request events, at most. If you encounter an Error: HttpError: Resource not accessible by integration, it's likely due to these permission constraints. To resolve this issue, you can modify the on: section of your workflow to use [pull_request_target](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) instead of pull_request (see example [above](https://github.com/actions/labeler#create-workflow)). This change allows the action to have write access, because pull_request_target alters the [context of the action](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) and safely grants additional permissions.
>
> There exists a potentially dangerous misuse of the pull_request_target workflow trigger that may lead to malicious PR authors (i.e. attackers) being able to obtain repository write permissions or stealing repository secrets. Hence, it is advisable that pull_request_target should only be used in workflows that are carefully designed to avoid executing untrusted code and to also ensure that workflows using pull_request_target limit access to sensitive resources. Refer to the [GitHub token permissions documentation](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) for more details about access levels and event contexts.
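
A lint for the workflow settings this thread turns on, as an added example (not code from this PR or from Apache Avro): it flags an explicitly passed GITHUB_TOKEN, a missing permissions block, a pull_request_target workflow that references PR head code, and a pull_request workflow that needs pull-requests: write. The function audit_workflow, the finding names and the workflow snippets are constructed for illustration, and the checks are line-based heuristics rather than a YAML parse.

```python
import re

def audit_workflow(text: str) -> list[str]:
    """Heuristic, line-based checks on the text of one GitHub Actions workflow."""
    text = re.sub(r"(?m)(^|[ \t])#.*$", "", text)      # drop YAML comments
    triggers = re.sub(r"\$\{\{.*?\}\}", "", text)       # ignore ${{ }} expressions
    on_target = bool(re.search(r"\bpull_request_target\b", triggers))
    on_pr = bool(re.search(r"\bpull_request\b", triggers))
    findings = []
    # The job token is supplied automatically; passing it by hand is what the PR removes.
    if re.search(r"secrets\.GITHUB_TOKEN\b", text):
        findings.append("explicit-github-token")
    # Without a permissions block the token gets the repository default scope.
    if not re.search(r"(?m)^\s*permissions:", text):
        findings.append("no-permissions-block")
    # pull_request_target can hold a write token: flag any reference to PR head code.
    if on_target and re.search(r"github\.event\.pull_request\.head\.|github\.head_ref", text):
        findings.append("target-references-pr-head")
    # Fork PRs on pull_request get a read-only token, so labeling fails as in the log above.
    if on_pr and not on_target and re.search(r"(?m)^\s*pull-requests:\s*write", text):
        findings.append("write-denied-on-fork-pr")
    return findings

# Constructed samples, not Apache Avro's actual workflow files.
EXPLICIT_TOKEN = """\
on: pull_request_target
jobs:
  labeler:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
"""
LEAST_PRIVILEGE = """\
on: pull_request_target
jobs:
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
"""
ON_PULL_REQUEST = LEAST_PRIVILEGE.replace("pull_request_target", "pull_request")
if __name__ == "__main__":
    for name in ("EXPLICIT_TOKEN", "LEAST_PRIVILEGE", "ON_PULL_REQUEST"):
        print(name, audit_workflow(globals()[name]))
```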
