[ci][fix] fix label ci run failed

[Hisoka-X]

This pull request makes a minor change to the GitHub Actions workflow trigger. The workflow now uses the pull_request_target event instead of pull_request. To fix https://github.com/apache/flink-cdc/actions/runs/21825838455/job/62970453372

[yuxiqian]

Thanks Hisoka's investigation, seems we can't grant write permission to a pull_request triggered workflow from a fork repo. But pull_request_target trigger is prohibited by ASF infra policies.

Modifying the parallelism settings does not solve the resource limitations of the action runner under the Apache organization. Perhaps we can consider moving the action execution to the contributor's fork repository (which is completely free). This would avoid Apache's limitations, and this approach is currently used in both Spark and SeaTunnel.

That would be great if possible. Could you please elaborate on this and please let me know if there's anything I can help.

+@leonardBang

[Hisoka-X]

This actually covers two things. The first is about the use of pull_request_target. According to the ASF infra policies, the original text states:

You MUST NOT use pull_request_target as a trigger on ANY action that exports ANY confidential credentials or tokens such as GITHUB_TOKEN or NPM_TOKEN.

My understanding is that we cannot use pull_request_target to access any confidential data, but this doesn't mean we cannot use pull_request_target at all.

The second point is about running actions in a forked repository. The resulting effect can be seen at https://github.com/gaogaotiantian/spark/runs/63040577681, where the action runs in the forked repository and the results are tracked on the pull request. I can implement this if needed.

@yuxiqian