Fix Workflow Security Issue (#252)

* Delete .github/workflows/dependabot-labels.yml

* Update changie-gen.yaml

Author: rocktavious

.github/workflows/changie-gen.yaml

@@ -1,13 +1,17 @@
 name: Changie Gen
 
 on:
-  workflow_run:
-    workflows: [Dependabot Labels]
-    types:
-      - completed
+  pull_request:
+    # catch when the PR is opened with the label or when the label is added
+    types: [labeled]
+
+permissions:
+  contents: write
+  pull-requests: read
 
 jobs:
   generate-changelog:
+    if: contains(github.event.pull_request.labels.*.name, 'dependencies')
     env:
       MAIN_BRANCH: ${{ github.event.workflow_run.pull_requests[0].base.ref }}
       PR_BRANCH: ${{ github.event.workflow_run.pull_requests[0].head.ref }}
@@ -19,7 +23,7 @@ jobs:
       uses: actions/checkout@v4
       with:
         ref: ${{ env.PR_BRANCH }}
-        token: ${{ secrets.ORG_GITHUB_TOKEN }}
+        token: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Check if changelog file exists already
       if: github.event.workflow_run.conclusion == 'success'