fix: allow to manually run external contributors workflows #599

Open
wants to merge 1 commit into
base: main

eliecharra
Member

@eliecharra eliecharra commented Jan 23, 2025

Description of the change

This changed the way we run the test workflow that requires secrets.

Actually we should close contributors' PRs and reopen them ourselves to be able to run tests. That is a massive PITA.

Dependabot PRs are also broken.

This changes how we run this test workflow by using pull_request_target and then manually checking for permissions. We also always allow dependabot to run.

So for an external contributor, our workflow would be:

  • external contributor forks the project and creates a new PR targeting main
  • the test workflow runs and fails
  • one internal maintainer reviews the PR
  • internal maintainers can retry the failed run if the PR looks safe
  • all green, we can merge

Type of change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation (non-breaking change that adds documentation)

Checklists

Development

  • Lint rules pass locally
  • The code changed/added as part of this pull request has been covered with tests
  • All tests related to the changed code pass in development
  • Examples for new resources and data sources have been added
  • Default values have been documented in the description (e.g., "Dummy: (Boolean) Blah blah. Defaults to false.")
  • If the action fails that checks the documentation: Run go generate to make sure the docs are up to date

Code review

  • This pull request has a descriptive title and information useful to a reviewer. There may be a screenshot or screencast attached
  • Pull Request is no longer marked as "draft"
  • Reviewers have been assigned
  • Changes have been reviewed by at least one other engineer

@eliecharra eliecharra requested review from a team January 23, 2025 10:54
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Check permission
if: steps.checkAccess.outputs.require-result == 'false' && github.actor != 'dependabot[bot]'
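Review bot: the Dependabot exemption in this `if:` keys on `github.actor`, which is the account that triggered the run and not necessarily the author of the pull request, so in a `pull_request_target` workflow that handles secrets the bypass should be tied to the PR itself. Consider testing `github.event.pull_request.user.login != 'dependabot[bot]'` instead, paired with `github.event.pull_request.head.repo.full_name == github.repository` so the exemption only covers branches in this repository. Because the description relies on maintainers re-running a failed run, it is also worth confirming that the `checkAccess` step evaluates `github.triggering_actor`: on a re-run, `github.actor` remains the account that started the original run. A short comment above the step explaining why Dependabot is exempt would help future readers.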
Member Author

Allows dependabot to pass anyway. For anyone else, check if we have write access from the previous step, otherwise make the workflow fail with some debug info about why.

@eliecharra eliecharra requested a review from a team January 23, 2025 11:04