[JENKINS-63421] Add agentServiceAccounts optional config

[scurvydoggo]

This is intended to address: JENKINS-63421.

This plugin assigns Jenkins permissions based on their GitHub permissions - if a user can read a repo then they can view and execute the job.

However there exists no role that to represent the service account used by Jenkins agents to connect to the controller. This means that plugin users are forced to make the service account an admin, and this presents a security risk because the service account credentials exist on every agent if you know where to look.

An attacker can take the credentials from the agent and use them to become a Jenkins admin.

Our fork introduces a configurable agentServiceAccounts field which has the proper, reduced permissions.

Testing done

Unit tests have been included in the commit.

This has been deployed to production on our instance and it's been working well. We use the CasC plugin and so can verify that works too.

Submitter checklist

Beta Give feedback

1. Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
2. Ensure that the pull request title represents the desired changelog entry
3. Please describe what you did
4. Link to relevant issues in GitHub or Jira
5. Link to relevant pull requests, esp. upstream and downstream changes
6. Ensure you have provided tests - that demonstrates feature works or fixes the issue

[scurvydoggo]

Closing this as it's a duplicate PR.