
Harden pull_request_target workflows against untrusted checkout #24461

Open

stuartparmenter wants to merge 1 commit into bevyengine:main from stuartparmenter:secure-workflows

Conversation

@stuartparmenter (Contributor)

Objective

I've been going through a lot of my GitHub workflows lately to try and tighten them, and wanted to see if there were any obvious issues in the Bevy ones. They seem generally safe as-is, but can be hardened further to avoid future issues.

The action-on-PR-labeled.yml workflow runs on pull_request_target, which grants it write permissions on the repo with access to secrets. It was checking out the PR's head SHA (ref: ${{ github.event.pull_request.head.sha }}) and running git against it in order to detect whether the PR touched the migration-guides / release-notes directories.

Solution

  • Detect changed files via the GitHub API (github.rest.pulls.listFiles) inside the existing github-script step instead of checking out the PR head. No untrusted code ever lands on the privileged runner.
  • Add a github.repository == 'bevyengine/bevy' guard to both pull_request_target jobs and to welcome.yml, so forks don't run stale/privileged copies of these workflows.

Testing

  • Workflow-only change; nothing to run locally.
  • Best validated by exercising the labels (M-Migration-Guide, M-Release-Note) on a test PR once merged.

@alice-i-cecile added labels on May 27, 2026: C-Bug (An unexpected or incorrect behavior), A-Build-System (Related to build systems or continuous integration), S-Needs-Review (Needs reviewer attention (from anyone!) to move forward), P-Security (Relevant to the security of Bevy's users or infrastructure).
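The PR's diff is not shown on this page, so the following is an added example of the approach the description outlines, not the PR's or Bevy's own workflow code: a github-script body for a pull_request_target job that asks the REST API which files the PR changed (`github.rest.pulls.listFiles`, paged with `github.paginate`) and maps them to the two labels, with no checkout of the untrusted PR head. The directory paths under `release-content/` and the path-to-label mapping are assumptions; in a real run `github` and `context` are supplied by actions/github-script, and the `fakeGithub` stand-in and sample pages below are constructed so the example runs offline.

```javascript
// Added example (not the PR's own code): a github-script body that finds
// which watched directories a PR touches via the REST API, so the
// pull_request_target job never checks out the untrusted PR head.
// Assumptions not taken from the page: the directory paths under
// `release-content/` and their label mapping; `github` and `context`
// are the objects actions/github-script injects.

const WATCHED_DIRS = {
  "release-content/migration-guides/": "M-Migration-Guide",
  "release-content/release-notes/": "M-Release-Note",
};

// Pure classification step: given `pulls.listFiles` entries, return the
// sorted labels whose directory the PR touches. Directory keys end in "/"
// so a sibling file such as `release-content/release-notes.md` is not a hit.
function touchedLabels(files, watched = WATCHED_DIRS) {
  const hits = new Set();
  for (const { filename } of files) {
    for (const [dir, label] of Object.entries(watched)) {
      if (filename.startsWith(dir)) hits.add(label);
    }
  }
  return [...hits].sort();
}

// Privileged side: a read-only API call instead of a checkout. `github.paginate`
// walks every page; listFiles returns at most 100 entries per page, so a large
// PR would otherwise be truncated and a touched directory silently missed.
async function detectTouchedLabels(github, context) {
  const files = await github.paginate(github.rest.pulls.listFiles, {
    owner: context.repo.owner,
    repo: context.repo.repo,
    pull_number: context.payload.pull_request.number,
    per_page: 100,
  });
  return touchedLabels(files);
}

// Constructed stand-in for the real `github` object so the example runs
// offline. It checks that the caller asked for the right endpoint and PR,
// then returns the constructed pages joined together, as paginate would.
function fakeGithub(pages, expectedPr) {
  const listFiles = Symbol("pulls.listFiles");
  return {
    rest: { pulls: { listFiles } },
    async paginate(endpoint, params) {
      if (endpoint !== listFiles) throw new Error("unexpected endpoint");
      if (params.pull_number !== expectedPr) throw new Error("unexpected PR");
      return pages.flat();
    },
  };
}

// Constructed sample: two API pages, one of which touches a migration guide.
// The third entry on page one is a near-miss that must not match.
const SAMPLE_PAGES = [
  [
    { filename: "Cargo.toml", status: "modified" },
    { filename: "crates/bevy_ecs/src/lib.rs", status: "modified" },
    { filename: "release-content/release-notes.md", status: "added" },
  ],
  [{ filename: "release-content/migration-guides/observers.md", status: "added" }],
];
const SAMPLE_CONTEXT = {
  repo: { owner: "bevyengine", repo: "bevy" },
  payload: { pull_request: { number: 24461 } },
};

// Stand-alone run: prints [ 'M-Migration-Guide' ].
detectTouchedLabels(fakeGithub(SAMPLE_PAGES, 24461), SAMPLE_CONTEXT)
  .then((labels) => console.log(labels));
```

Two points for anyone applying this pattern: `pulls.listFiles` needs only read access to pull requests, so the write permission the job holds is exercised solely by the step that applies the labels, and the file list comes from the API as data rather than from code executed on the runner. The fork guard the PR adds is a job-level condition of the form `if: github.repository == 'bevyengine/bevy'`, which belongs in the workflow YAML rather than in this script.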
