fix(ci): skip autolabeler in PR from forks

Following the reconmendation from the SUSE security team, the
`pull_request_target` triggers from all our CI files have been removed.
However, this trigger is required to allow the autolabeler action
tagging PRs from forks. It's not possible to use `pull_request` only
because Github by default set all the permissions to read-only for this
trigger. Ignoring what it is defined in the CI file.

Because of that, this commit updates the autolabeler CI workflow to skip
the tagging when the PR came from a fork.

Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>

Author: jvanz

.github/workflows/autolabeler.yml

@@ -2,13 +2,16 @@ name: Autolabeler
 
 on:
   pull_request:
-    # Only following types are handled by the action, but one can default to all as well
     types: [opened, reopened, synchronize, edited]
 
+permissions:
+  contents: read
+
 jobs:
   autolabeler:
+    # Skip fork PRs — the GITHUB_TOKEN is read-only and cannot add labels
+    if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
     permissions:
-      contents: read
       pull-requests: write
     runs-on: ubuntu-latest
     steps: