[treescript] Stop using the `releng-treescript` app for Gecko l10n bumps

[ahal]

We added the ability to store l10n changes in a separate Github repo for Gecko l10n bumps:
3938c24

We currently authenticate as the releng-treescript app to do things like get the latest commit and return the contents of files. This is useful for avoiding Github rate limits. However, we do not actually commit any changes to these external l10n repos. Therefore using releng-treescript, which has write access to a repo, does not follow the Principle of Least Privilege.

Instead, I believe we should create a generic releng-readonly (name TBD) app that only has read access to the repos. Then, we can install this app anywhere we simply want read access (e.g for higher rate limits or for access to private repos).

[ahal]

Note that this issue will be valid even after Gecko moves to Github (as long as l10n remains in a separate repo).

[bhearsum]

The other big place this would be useful is for chain of trust verification. We currently use access tokens for this, but those have a lower rate limit than apps IIRC.