MINOR: [CI] Update allowed_roles for crossbow submission

[assignUser]

Rationale for this change

Improved security, this aligns the permissions with the current default repo setting of required approval for all contributors.

What changes are included in this PR?

Only committers (members,owner and collaborator of ASF org) can submit a crossbow job.

Are these changes tested?

Not possible.

[kou]

+1

[conbench-apache-arrow]

After merging your PR, Conbench analyzed the 4 benchmarking runs that have been run so far on merge-commit b59082a.

There were no benchmark performance regressions. 🎉

The full Conbench report has more details. It also includes information about 2 possible false positives for unstable benchmarks that are known to sometimes produce them.

[kou]

@assignUser Can we re-allow crossbow submission to contributors who has at least one commit to apache/arrow? For example, allowing crossbow submission to @Tom-Newton is valuable.
See also: #39622

Improved security, this aligns the permissions with the current default repo setting of required approval for all contributors.

Does this mean that apache/arrow uses the "Require approval for all outside collaborators" setting?
See also: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#controlling-changes-from-forks-to-workflows-in-public-repositories

It seems that apache/arrow uses the "Require approval for first-time contributors" setting. Because workflows for #39622 were allowed without our explicit approval.

[Tom-Newton]

I would appreciate permissions for crossbow submissions but its probably not necessary. I've finally got my local windows build working sufficiently that I should be able to get #39622 passing everything in the next attempt.

Initially I was struggling to configure docker windows containers to use a local drive with sufficient space.

[kou]

OK!