Copy trafico workflow from actual (#380)

.github/workflows/trafico.yml

@@ -0,0 +1,39 @@
+##########################################################################################
+# WARNING! This workflow uses the 'pull_request_target' event. That mans that it will    #
+# always run in the context of the main actualbudget/actual repo, even if the PR is from #
+# a fork. This is necessary to get access to a GitHub token that can modify the PR.      #
+# Be VERY CAREFUL about adding things to this workflow, since forks can inject           #
+# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary #
+# code execution in this workflow could lead to a compromise of the main repo.           #
+##########################################################################################
+# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests    #
+##########################################################################################
+
+name: Trafico Reviews
+
+on:
+  pull_request_target:
+    types:
+     - opened
+     - closed
+     - reopened
+     - synchronize
+     - edited
+     - review_requested
+     - review_request_removed
+  pull_request_review:
+    types: [submitted, edited, dismissed]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  manage-review:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - uses: actualbudget/trafico@main
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}

upcoming-release-notes/380.md

@@ -0,0 +1,6 @@
+---
+category: Maintenance
+authors: [twk3]
+---
+
+Switch to using a Trafico GitHub action to restore review management.