ci(test): skip test-trigger-other-job when token is read-only

The test-trigger-other-job job runs `gh workflow run`, which requires
`actions: write` on the GITHUB_TOKEN. The job has been failing on:

  - Fork PRs (e.g. contributor PRs from forks): fork-originated PRs
    always receive a read-only GITHUB_TOKEN.
  - Dependabot PRs (e.g. #15): even though dependabot creates branches
    in the same repo, the dependabot[bot] actor receives a restricted
    token by default.

Both produce:

    could not create workflow dispatch event: HTTP 403:
    Resource not accessible by integration

Skip this job in both cases by gating on `head.repo.full_name` and on
`github.actor`. The job continues to run on PRs from same-repo
branches authored by humans, where the token has the required
permissions.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: bearomorphism

.github/workflows/test.yaml

@@ -81,6 +81,14 @@ jobs:
             assert.ok(changelogContent.includes('### Fix'), 'Expected changelog to contain a header for fixes');
   test-trigger-other-job:
     runs-on: ubuntu-latest
+    # Skip when the token will be read-only and `gh workflow run` would
+    # fail with HTTP 403 ("Resource not accessible by integration"):
+    #   - Fork PRs: GITHUB_TOKEN is always read-only on fork-originated PRs.
+    #   - Dependabot PRs: even though the branch is in the same repo, the
+    #     dependabot[bot] actor receives a restricted token by default.
+    if: >-
+      github.event.pull_request.head.repo.full_name == github.repository &&
+      github.actor != 'dependabot[bot]'
     steps:
       - uses: actions/checkout@v6
         with: