Inject bot / api token as environment variable

[anbraten]

Clear and concise description of the problem

As a developer I want to create plugins which could interact with the woodpecker-api via curl or the official client. For this I would need some token.

Suggested solution

The needed token to access the woodpecker-ui could automatically be injected into each woodpecker step, so plugins could directly use it. It would be best if the bot-token is only valid for some short duration or the time the pipeline run is being executed and has some limited permissions.

Alternative

No response

Additional context

Would be useful for #367

Validations

• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

[6543]

I would suggest to create temporary auth token for each job with limited scope of access ... so not usig #665 since this has a other usecase ... but we can share code of cource.

Idea: extemd proc structure witb a token field

[anbraten]

I would extract the (api)-token from the user and add it to a separate model / table to have one single place to store tokens. If a pipeline gets started we could simply add a new token and remove it again after the pipeline finished.