fix: add approval gate to call-check-tflite-files job

The call-check-tflite-files job in pr_test.yml is missing the
`needs: [gatekeeper, approval-gate]` dependency that all other jobs
have. This allows fork PRs to execute arbitrary code via the checked-out
shell script without waiting for approval, bypassing the security gate.

BUG=n/a

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: q1uf3ng

.github/workflows/pr_test.yml

@@ -64,6 +64,8 @@ jobs:
         run: echo "CI Authorized."
 
   call-check-tflite-files:
+    needs: [gatekeeper, approval-gate]
+    if: needs.gatekeeper.outputs.scope != 'none'
     uses: ./.github/workflows/check_tflite_files.yml
     with:
       trigger-sha: ${{ github.event.pull_request.head.sha }}