Mitigate pull_request_target privilege escalation

Hotfix — replaces pull_request_target with pull_request to stop
granting write permissions and secrets to fork PRs. Some workflows
will break; can be fixed properly later.

.github/workflows/ci-compat.yml

@@ -1,6 +1,6 @@
 name: ABI Compatibility
 on:
-  pull_request_target:
+  pull_request:
 
 permissions: {}
 
@@ -77,7 +77,7 @@ jobs:
       pull-requests: write  #  to create or update comment (peter-evans/create-or-update-comment)
 
     name: ABI - Difference
-    if: ${{ github.event_name == 'pull_request_target' }}
+    if: ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
     needs:
       - abi-head