I've fixed the preview workflow for forks and added some security enhancements. (#144)

I saw that the `preview.yml` workflow was failing for pull requests from forked repositories because it could not access the `EXPO_TOKEN` secret.

To fix this, I made the following changes:
1. I changed the workflow trigger from `pull_request` to `pull_request_target`. This allows the workflow to access secrets on pull requests from forks.
2. I added a security measure to prevent the workflow from running automatically on forked PRs. The workflow will now only run if the pull request has the label 'run-preview'. This allows a maintainer to review the code before triggering the preview build.
3. I'm now explicitly checking out the head of the pull request to ensure the preview is generated for the code in the PR.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

Author: google-labs-jules[bot]

.github/workflows/preview.yml

@@ -1,18 +1,21 @@
 name: Create EAS Preview
 
 on:
-  pull_request:
+  pull_request_target:
 
 permissions:
   contents: read
   pull-requests: write
 
 jobs:
   preview:
+    if: contains(github.event.pull_request.labels.*.name, 'run-preview')
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Setup Node.js
         uses: actions/setup-node@v4