CI Send notification (PR) fails for PRs from forks

[jsoref]

https://github.com/Hammerspoon/hammerspoon/actions/runs/4283478942/jobs/7459108879#step:13:7

Run /usr/bin/curl -H "X-CI-WebHook: true" -H "Content-Type: application/json" -d '{"secret": "", "repository": "hammerspoon", "workflow": "CI (PR)", "message": "CI for https://github.com/Hammerspoon/hammerspoon/pull/3353 (cmsj)\n  * Spelling\n  * 	 Executed 3[1](https://github.com/Hammerspoon/hammerspoon/actions/runs/4283478942/jobs/7459108879#step:13:1)2 tests, with 52 tests skipped and 0 failures (0 unexpected) in 3773.852 (3774.2[6](https://github.com/Hammerspoon/hammerspoon/actions/runs/4283478942/jobs/7459108879#step:13:7)2) seconds"}' 
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information
Error: Process completed with exit code 2.

hammerspoon/.github/workflows/ci_testbuild.yml

Line 74 in 82d2159

/usr/bin/curl -H "X-CI-WebHook: true" -H "Content-Type: application/json" -d '{"secret": "${{ secrets.CI_WEBHOOK_SECRET }}", "repository": "hammerspoon", "workflow": "CI (PR)", "message": "CI for ${{ github.event.pull_request.html_url }} (${{ github.actor }})\n * ${{ github.event.pull_request.title }}\n * ${{ steps.test.outputs.test_result }}"}' ${{ secrets.CI_WEBHOOK_URL }}

The code expects ${{ secrets.CI_WEBHOOK_URL }} to have a value, but for pull_request (not pull_request_target) from a forked repository, it won't for security reasons.

It's possible (but not recommended) to make this work by splitting things into two jobs and setting up a restricted permission token for the first job, but i think the simpler to reason through fix is to just condition the step on having a secret.