Restrict CI runners to valid freedesktop projects only

It's very sad that freedesktop.org have had to restrict access due to such hostile attacks, but I think their GitLab administrators deserve commendation for their excellently clear communication in the matter.

This is already pretty common across a lot of open source projects due to parasitic hijacking of compute time and space, in Kubernetes non-members can't run CI without having an ok-to-test label on their PR

Perhaps I'm underestimating it here, or they are mining a currency I'm not aware of, but how does this actually end up being worth the effort involved for the people running cryptominers in the build actions? My understanding is that they'd be making cents or fractions of cents from this..

uf they ran into a ton of bugs