Split tokens for reading and writing

See https://gitlab.com/gitlab-com/team-member-epics/access-requests/-/issues/18945

For improvement of security the tokens that read from the API and write to the gl-retrospectives group should be split, instead of having one token that can read and write to the whole API.

There are now two available token variables in the CI config:

• $GITLAB_BOT_API_TOKEN which has read permission on all of GitLab, so that issues and MRs can be collated/counted.
• $GITLAB_WRITE_API_TOKEN which has write permission to one group (gl-retrospectives) and handles the creation and update of issues, discussions, etc within that group.