chore: use DEPOT_TOKEN secret (#10237)

# Which Problems Are Solved

Action runs on PRs from forks can't authenticate at depot.

# How the Problems Are Solved

- The GitHub secret DEPOT_TOKEN is statically passed as an env variable to
the steps that use the depot CLI, as described
[here](https://github.com/depot/setup-action#authentication).
- Removed the oidc argument from the depot/setup-action, as we pass the
env statically to the relevant steps.
- The `id-token: write` permission is removed from all workflows, as
it's not needed anymore.

# Additional Changes

Removed the obsolete comment
```yaml
# latest if branch is main, otherwise image version which is the pull request number
```

# Additional Context

Required by these approved PRs so their checks can be executed:
- https://github.com/zitadel/zitadel/pull/9982
- https://github.com/zitadel/zitadel/pull/9958
This commit is contained in:
Elio Bischof
2025-07-15 15:40:27 +02:00
committed by GitHub
parent c4e0342c5f
commit ee13d4be7d
4 changed files with 20 additions and 11 deletions

@@ -21,6 +21,10 @@ on:
node_version:
required: true
type: string
secrets:
DEPOT_TOKEN:
required: true
jobs:
executable:
runs-on: ubuntu-latest
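Review bot: The new `DEPOT_TOKEN` entry under `secrets:` is declared with `required: true` but has no `description`, so callers of this reusable workflow get no hint about what kind of token is expected or how narrowly it should be scoped. Please add a `description:` saying that it is a depot token limited to the one project this workflow builds. Since the stated goal is runs on PRs from forks, also confirm in the calling workflows that the secret is actually populated for that trigger: GitHub does not pass repository secrets to workflows triggered by `pull_request` from a fork, and the callers are not visible in this hunk.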
@@ -83,12 +87,10 @@ jobs:
uses: actions/checkout@v4
-
uses: depot/setup-action@v1
with:
oidc: true
-
run: make login_standalone_out
env:
# latest if branch is main, otherwise image version which is the pull request number
DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
LOGIN_BAKE_CLI: depot bake
DEPOT_PROJECT_ID: w47wkxzdtw
NODE_VERSION: ${{ inputs.node_version }}
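Review bot: `DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}` is placed in the `env` of the `run: make login_standalone_out` step, which executes after `actions/checkout@v4`, so whatever Makefile and build scripts were checked out can read the token. With `oidc: true` removed, a long-lived static credential replaces the short-lived exchange, and for fork PRs the checked-out code is contributor-controlled. I would ask that the token be scoped to the single project named in `DEPOT_PROJECT_ID` with the least rights the build needs, that a rotation process exists, and that the workflow only receives it for PRs that have been approved (the commit message mentions approved PRs, but nothing in this hunk enforces it). A short comment above the `DEPOT_TOKEN` line stating why the static token is used instead of OIDC would also help future readers, now that the old comment is gone.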