fix: permissions of validate pipelines (#1316)

* Fix permission in validate-filenames pipeline

* Run Github Actions for script validation on pull_request_target with right permissions

.github/workflows/validate-filenames.yml

@@ -1,23 +1,36 @@
 name: Validate filenames
 
 on:
-  pull_request:
+  pull_request_target:
     paths:
       - "ct/*.sh"
       - "install/*.sh"
       - "json/*.json"
-      - ".github/workflows/validate-filenames.yml"
 
 jobs:
   check-files:
     name: Check changed files
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
 
     steps:
+      - name: Get pull request information
+        uses: actions/github-script@v7
+        id: pr
+        with:
+          script: |
+            const { data: pullRequest } = await github.rest.pulls.get({
+              ...context.repo,
+              pull_number: context.payload.pull_request.number,
+            });
+            return pullRequest;
+
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0 # Ensure the full history is fetched for accurate diffing
+          ref: ${{ fromJSON(steps.pr.outputs.result).merge_commit_sha }}
 
       - name: Get changed files
         id: changed-files