ci: skip Docker Hub login on PRs from forks

[tasuku43]

Summary

• GitHub Actions does not expose secrets to workflows triggered by PRs from forked repositories. As a result, docker/login-action in the test job fails with Username and password required for external contributors' PRs (see PR #4292 run).
• Skip the Docker Hub login step when the PR head repo is not this repository.
• The push and manifest jobs are guarded by if: github.ref_name == 'master' and never run on fork PRs, so they are unaffected.

Why skipping the login is safe for the test job

• The test job only runs make build / make test and never pushes, so authentication is not strictly required.
• All base images referenced by Dockerfile* in this repository are public — Docker Hub library images (alpine, ubuntu, mysql, python, ruby, node, debian, busybox, docker, ...), public vendor images (amazon/aws-cli, datadog/..., confluentinc/..., crossplane/..., summerwind/actions-runner, adoptopenjdk/*, circleci/*, fluent/fluentd, curlimages/curl), GHCR (ghcr.io/actions/actions-runner), Quay (quay.io/argoproj/argocd), and the project's own publicly-pushed chatwork/* images. None of them require authentication.
• Without login, anonymous pulls are subject to Docker Hub's rate limit, but the impact is limited because this only affects fork PRs (internal PRs and pushes to master still log in as before). If it ever becomes a real problem we can revisit (e.g. registry mirror, or asking maintainers to retrigger CI from an internal branch).

[kb-hiroyaataka]

LGTM!