Add CB maintainers to plugins

[Wadeck]

Description

• As part of @security I auto-approve my changes to all except matrix-auth
• [ ] matrix-auth requires approval from @daniel-beck => refused

The @security team will keep working on the security aspects of those plugins and additional people will help/contribute.

CC @jtnord @batmat as it's the result of our discussion last week.
CC @Kevin-CB for the addition to the @security team

Plugin repositories:

• https://github.com/jenkinsci/bouncycastle-api-plugin, approved by me as member of @security
• https://github.com/jenkinsci/credentials-plugin, approved by me as member of @security
• https://github.com/jenkinsci/credentials-binding-plugin, approved by me as "direct" maintainer
• https://github.com/jenkinsci/pam-auth-plugin, approved by me as "direct" maintainer
• https://github.com/jenkinsci/plain-credentials-plugin, approved by me as "direct" maintainer
• https://github.com/jenkinsci/secure-requester-whitelist-plugin, approved by me as "direct" maintainer
• https://github.com/jenkinsci/ssh-credentials-plugin, approved by me as "direct" maintainer

Submitter checklist for adding or changing permissions

Always

• Add link to plugin/component Git repository in description above

For a newly hosted plugin only

• Add link to resolved HOSTING issue in description above

For a new permissions file only

• Make sure the file is created in permissions/ directory
• artifactId (pom.xml) is used for name (permissions YAML file).
• groupId / artifactId (pom.xml) are correctly represented in path (permissions YAML file)
• Check that the file is named plugin-${artifactId}.yml for plugins

When adding new uploaders (this includes newly created permissions files)

• Make sure to @mention an existing maintainer to confirm the permissions request, if applicable
• Use the Jenkins community (LDAP) account name in the YAML file, not the GitHub account name
• Make sure to @mention the users being added so their GitHub account names are known if they require GitHub merge access (see below).
• All newly added users have logged in to Artifactory at least once

Reviewer checklist (not for requesters!)

• Check this if newly added person also needs to be given merge permission to the GitHub repo (please @ the people/person with their GitHub username in this issue as well). If needed, it can be done using an IRC Bot command
• Check that the $pluginId Developers team has Admin permissions while granting the access.
• In the case of plugin adoption, ensure that the Jenkins Jira default assignee is either removed or changed to the new maintainer.
• If security contacts are changed (this includes add/remove), ping the security officer (currently @Wadeck) in this pull request. If an email contact is changed, wait for approval from the security officer.

There are IRC Bot commands for it

[timja]

Could you add a checklist against each plugin listing their approvers and approval status please?

[Wadeck]

Added checklist + approval from me as maintainer of the plugins in modified files.

[timja]

will you handle the permissions or need someone to do for you?

[Wadeck]

@timja Never used the bot before, so if it's straightforward please do so, otherwise point me to the doc please :)

[timja]

https://www.jenkins.io/projects/infrastructure/ircbot/

jenkins-admin: Grant USER a commit access of/to REPO

e.g. a recent one:

jenkins-admin: make mhmdabdh a committer on global-post-script-plugin

in #jenkins-hosting

[Wadeck]

Thanks, will do it after lunch 👍

[batmat]

FTR, I've added the CB dev team as maintainer, to reflect the approval conveyed in this PR. This was apparently forgotten on GH side.