
Improvement in documentation for pull_request_target event usage in README #871


Open
wants to merge 1 commit into
base: main


suyashgaonkar
Contributor

Description:
Added documentation explaining how to be careful with an action with the pull_request_target event to avoid security issues. Improved instructions for users who want to trigger the action on pull requests from forks or for enhanced security scenarios.

Related issue:
Related to #755

@Copilot Copilot AI review requested due to automatic review settings May 20, 2025 10:28
@suyashgaonkar suyashgaonkar requested a review from a team as a code owner May 20, 2025 10:28

@Copilot Copilot AI left a comment


Pull Request Overview

This PR enhances the README by adding a security warning about using the pull_request_target event and improves guidance for workflows that need write permissions on forked pull requests.

  • Adds a cautionary note on potential security risks when using pull_request_target
  • Emphasizes designing workflows to avoid executing untrusted code and limiting sensitive access

Comments suppressed due to low confidence (3)

README.md:262

  • Correct the spelling of "advisible" to "advisable".
Hence it is advisible that pull_request_target should only be used in workflows that are carefully designed to avoid executing untrusted code...

README.md:262

  • [nitpick] This sentence is very long and contains multiple clauses. Consider splitting it into two or more sentences and removing the comma splice before "Hence" for readability.
There exists a potentially dangerous misuse of the pull_request_target workflow trigger that may lead to malicious PR authors (i.e. attackers) being able to obtain repository write permissions or stealing repository secrets, Hence it is advisible...

README.md:262

  • [nitpick] The list item marker (-) and indentation were removed. Add the leading hyphen and proper indentation to maintain consistent markdown list formatting.
[`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) instead of `pull_request` (see example [above](#create-workflow)).
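The README text quoted in the review describes the misuse in prose: a workflow triggered by pull_request_target that checks out the fork's revision and executes it while the base repository's secrets and a writable GITHUB_TOKEN are in scope. As an added illustration, not code from this pull request or from the project, the Python below runs a small line-oriented audit over three constructed workflow files: the risky shape, the same CI moved to the unprivileged pull_request trigger with a read-only token, and a pull_request_target workflow that only labels and never checks out the fork. The workflow contents, the rule set and the function names are assumptions made for the example; a production checker would parse the YAML properly rather than match lines.

```python
import re

RISKY_TRIGGER = "pull_request_target"
# Expressions that resolve to the pull request head, i.e. the fork's untrusted revision.
HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)|github\.head_ref")
NEW_STEP = re.compile(r"^\s*-\s")  # start of the next YAML list item (the next step)

# Constructed example: the shape the README warns about. Secrets and a default
# GITHUB_TOKEN are present, and `npm ci` runs package.json scripts from the fork.
UNSAFE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed example: the same CI on the unprivileged pull_request trigger with a
# read-only token. Fork code still runs, but without secrets or write access.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

# Constructed example: a legitimate pull_request_target use. No `ref:` means the base
# branch is checked out, so only the base repository's scripts run; the token is scoped.
LABELER_WORKFLOW = """\
name: label
on:
  pull_request_target:
permissions:
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # base branch, not the fork
      - run: ./scripts/label.sh
"""


def _strip_comments(text):
    """Drop YAML comments so a commented-out trigger is not flagged.
    Heuristic: a '#' inside a quoted string is also removed."""
    return [re.sub(r"#.*$", "", line) for line in text.splitlines()]


def audit_workflow(text):
    """Return a list of findings; an empty list means the risky shape was not seen."""
    lines = _strip_comments(text)
    findings = []
    if not any(RISKY_TRIGGER in line for line in lines):
        return findings  # without the trigger the pattern cannot occur
    findings.append("trigger: pull_request_target runs in the base repository's context, "
                    "so secrets and the default GITHUB_TOKEN are available to the job")
    if not any(re.match(r"^\s*permissions:", line) for line in lines):
        findings.append("permissions: no 'permissions:' block, so GITHUB_TOKEN keeps its default scope")
    head_checked_out = False
    for idx, line in enumerate(lines, start=1):
        if re.search(r"uses:\s*actions/checkout", line):
            # Inspect this step's `with:` block (up to the next `- ` item) for a head-ref checkout.
            for follow_idx in range(idx, len(lines)):
                follow = lines[follow_idx]
                if NEW_STEP.match(follow):
                    break
                if re.search(r"\bref:", follow) and HEAD_REF.search(follow):
                    head_checked_out = True
                    findings.append(f"line {follow_idx + 1}: actions/checkout of the pull request "
                                    "head (untrusted fork code) in a privileged job")
        elif head_checked_out and re.search(r"\brun:", line):
            findings.append(f"line {idx}: 'run:' after the head checkout; scripts from the fork "
                            "can execute with the base repository's secrets")
            head_checked_out = False  # report the first executing step once
    return findings


if __name__ == "__main__":
    for name, text in [("unsafe", UNSAFE_WORKFLOW), ("hardened", HARDENED_WORKFLOW),
                       ("labeler", LABELER_WORKFLOW)]:
        print(f"== {name} ==")
        for finding in audit_workflow(text) or ["no findings"]:
            print("  ", finding)
```

The labeler case is the point of the README's wording "carefully designed": the trigger alone is reported only as informational, because the job never checks out or executes anything from the fork and the token is limited to the one scope it needs. The unsafe case is flagged at the checkout of the head revision and again at the first `run:` step that follows it, which is the sequence that turns a fork's pull request into code running with the base repository's secrets.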
