chore: [SECURITY-1357] refine condition for dependabot approval in workflow

This change improves the security of the dependabot auto-approval workflow by:
- Checking the PR user login instead of github.actor
- Verifying the PR is from the same repository (not a fork)

This prevents potential security issues where forked PRs could be auto-approved.

Author: forged-request

.github/workflows/auto-merge.yml

@@ -9,7 +9,7 @@ jobs:
       contents: write
       id-token: write
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
     steps:
       - name: Fetch Dependabot metadata
         id: dependabot-metadata