ci: add workflow to notify maintainers on fork PRs not running integration tests

[anakin87]

Related Issues

We don't expose secrets on PRs from forks for security reasons.

This also means that integration tests are skipped if API keys are required. In these cases, the maintainer should run the tests locally before merging the PR.

Proposed Changes:

• add a workflow for detecting PRs from forks where tests will be skipped and comment on the PR

How did you test it?

Hard to test. I'll test when merged and fix if not working properly.

Checklist

• I have read the contributors guidelines and the code of conduct
• I have updated the related issue with new insights and changes
• I added unit tests and updated the docstrings
• I've used one of the conventional commit types for my PR title: fix:, feat:, build:, chore:, ci:, docs:, style:, refactor:, perf:, test:.

[julian-risch]

Looks good to me! Only checking out the base branch SHA (the trusted target branch), not head.sha (the fork's code). Further ${{ steps.affected.outputs.list }} can only contain known integration names, no other content.
marocchino/sticky-pull-request-comment is a GitHub action that we're not using anywhere else yet. Looks good to me. They enabled immutable releases on GitHub two weeks ago, which is good. Still, let's keep in mind that another GitHub action means an additional risk and we could for example fork the action.

[anakin87]

It works. See #3234