PR preview not working for fork / external contributions

[koverholt]

In #1134, a GitHub action was added to build PR previews when the build-preview label is added to a PR. This seems to be working for branches in this repo (e.g., I tested in #1158).

But it is not working for PRs coming from forks / external contributors (e.g., #1165).

https://github.com/google/adk-docs/actions/runs/21290630476/job/61291033305

A potential fix is to use pull_request_target instead of pull_request in the action, but I know this has been flagged in other repos that I work in as a potential vulnerability. So perhaps there is an alternative approach, or a way to use pull_request_target securely?

[koverholt]

Note that we also have to manually "Approve workflows to run" for fork PRs, so it might be the case that https://github.com/google/adk-docs/actions/runs/21290630476/job/61291033305 happened before I approved workflows in that PR. So we might need to figure out a better coupling between workflow approval settings and the PR preview action.