mirror of https://code.forgejo.org/forgejo/runner.git synced 2025-09-15 18:57:01 +00:00

fix: pull_request_target events can share the cache of the repository (#927)

This is a regression introduced in v10.0.0 by which a pull_request_target event would fail because it attempts to set an isolation key, as if it was a pull request originating from a fork.

<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/927): <!--number 927 --><!--line 0 --><!--description Zml4OiBwdWxsX3JlcXVlc3RfdGFyZ2V0IGV2ZW50cyBjYW4gc2hhcmUgdGhlIGNhY2hlIG9mIHRoZSByZXBvc2l0b3J5-->fix: pull_request_target events can share the cache of the repository<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/927
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
Earl Warren 2025-09-01 13:39:30 +00:00 committed by earl-warren
parent 57efbac055
commit dce6af9d24
No known key found for this signature in database
GPG key ID: F128CBE6AB3A7201


@ -272,7 +272,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
// future runs of the PR's workflows and won't be shared with other pull requests or actions. This is a security // future runs of the PR's workflows and won't be shared with other pull requests or actions. This is a security
// measure to prevent a malicious pull request from poisoning the cache with secret-stealing code which would // measure to prevent a malicious pull request from poisoning the cache with secret-stealing code which would
// later be executed on another action. // later be executed on another action.
if taskContext["event_name"].GetStringValue() == "pull_request" || taskContext["event_name"].GetStringValue() == "pull_request_target" { if taskContext["event_name"].GetStringValue() == "pull_request" {
// Ensure that `Ref` has the expected format so that we don't end up with a useless write isolation key // Ensure that `Ref` has the expected format so that we don't end up with a useless write isolation key
if !strings.HasPrefix(preset.Ref, "refs/pull/") { if !strings.HasPrefix(preset.Ref, "refs/pull/") {
return fmt.Errorf("write isolation key: expected preset.Ref to be refs/pull/..., but was %q", preset.Ref) return fmt.Errorf("write isolation key: expected preset.Ref to be refs/pull/..., but was %q", preset.Ref)
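Review bot: The comment above the `event_name` check explains why `pull_request` runs get a write isolation key, but nothing records why `pull_request_target` is now exempt; going by the commit description, the new side is the condition that tests only `"pull_request"`. The exemption presumably rests on `pull_request_target` workflows being defined by the base repository. That does not cover a workflow that checks out and builds the pull request head, which would then write into the shared repository cache that the isolation key exists to protect. I would state the assumption next to the condition, for example `// pull_request_target is deliberately not isolated: the workflow comes from the base branch and shares the repository cache. Workflows that check out the PR head must not populate the cache from it.` A regression test pinning both event names would keep the exemption from being changed by accident; note that the enclosing `run` method starts and ends outside this hunk.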