ci: gate triggers on PR author instead of github.actor

SonarCloud flagged the use of github.actor in the actor gate as
forgeable — on a re-run by a maintainer, github.actor becomes that
maintainer rather than the original PR author, which would let a
malicious PR bypass the gate. Switch to
github.event.pull_request.user.login, which is the immutable original
author set by GitHub from the authenticated session.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: ionmincu

.github/workflows/integration_tests.yml

@@ -23,8 +23,8 @@ jobs:
   discover-testcases:
     if: |
       github.event_name == 'push' ||
-      (github.event_name == 'pull_request' && github.actor != 'dependabot[bot]') ||
-      (github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]')
+      (github.event_name == 'pull_request' && github.event.pull_request.user.login != 'dependabot[bot]') ||
+      (github.event_name == 'pull_request_target' && github.event.pull_request.user.login == 'dependabot[bot]')
     runs-on: ubuntu-latest
     outputs:
       testcases: ${{ steps.discover.outputs.testcases }}