We cannot safely trigger the job off of an issue comment. I'm thinking we should instead trigger it when a pull request gets a particular label:
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
This should limit who can run the job to anyone who has "triage" access to the repo:
https://docs.github.com/en/issues/using-labels-and-milestones-to-track-work/managing-labels#applying-a-label
So it's a whitelist that we can easily control.
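As an added example (not code from this thread or its project), here is what the label-gated trigger described above looks like as a GitHub Actions workflow. The label name `run-integration`, the workflow name and the script path are assumptions chosen for illustration.

```yaml
# Added example, not part of the original discussion.
# Runs a job only when someone applies a specific label to a pull request,
# instead of reacting to issue comments (which anyone can post).
# The label name "run-integration" is an assumed value.
name: gated-job

on:
  pull_request:
    types: [labeled]        # fire only on the "labeled" activity type

permissions:
  contents: read            # least privilege: the job only needs to read the repo

jobs:
  gated:
    # Only the chosen label starts the job; any other label is ignored.
    if: github.event.label.name == 'run-integration'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run the gated task
        run: ./scripts/run-gated-task.sh   # placeholder command; replace with the real job
```

`github.event.label.name` is populated on the `labeled` activity type, so the `if:` condition turns a single label into the allow-list the comment describes: only people with triage access or higher can apply it, and removing and re-applying the label re-runs the job. One caveat a maintainer should keep in mind: with the plain `pull_request` event, pull requests from forks run without repository secrets; switching to `pull_request_target` to get them would run with a privileged token, in which case the workflow must not check out and execute the PR's own code under that token.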