Currently, this action, set up the way documented in the recipes, will only work for people pushing branches in the source repo.
If someone forks the repo and opens a PR, the action will fail since it will have a read-only GitHub token (can't make PR comments).
This can be solved by using the pull_request_target trigger, but that means the workflow will run in the context of the source repo (security risk).
I think if we ensure the jobs don't have such permissions, and only the diff job has the write permission, things will be OK.
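As an added illustration of the split being proposed (this is example configuration, not the project's own workflow), the sketch below uses `pull_request_target` with a read-only default token, runs anything that touches the fork's code in an unprivileged job, and grants `pull-requests: write` only to the job that posts the comment. The job names, the artifact name and the `comment-body.md` path are assumptions; the `permissions` keys, the checkout action inputs and `gh pr comment` are standard GitHub features.

```yaml
# Example workflow (added here for illustration; not the project's recipe).
# pull_request_target runs with the base repo's token, so the default
# permissions are narrowed to read-only and widened per job only where needed.
name: pr-diff-comment

on:
  pull_request_target:
    types: [opened, synchronize]

# Read-only default for every job; the token can't comment or push with this.
permissions:
  contents: read

jobs:
  # Unprivileged job: this is the only place the fork's code is checked out.
  # Its token is read-only, so nothing the PR author controls can write to the repo.
  build-diff:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Check out the PR head explicitly; pull_request_target defaults to the base ref.
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false
      - name: Produce the comment body
        # Placeholder for the project's actual diff step (assumption).
        run: ./scripts/make-diff.sh > comment-body.md
      - uses: actions/upload-artifact@v4
        with:
          name: diff-comment        # assumed artifact name
          path: comment-body.md

  # Privileged job: has write access to PRs, but never checks out or runs
  # code from the fork; it only consumes the artifact produced above.
  comment:
    runs-on: ubuntu-latest
    needs: build-diff
    permissions:
      pull-requests: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: diff-comment
      - name: Post the diff as a PR comment
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --body-file comment-body.md
```

The point of the two-job split is that the write-capable token never coexists with code the PR author controls: the artifact is treated as untrusted text to be posted, not as something to execute.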