"Detect translation file changes" workflow does not work #59029

Closed
Qrox opened this issue Jul 7, 2022 · 1 comment · Fixed by #63731
Labels
Code: Tests (Measurement, self-control, statistics, balancing); Organization (General development organization issues)

Comments

Qrox (Contributor) commented Jul 7, 2022

Describe the bug

See #59022, where the workflow gives an error saying Error: Unhandled error: HttpError: Resource not accessible by integration.

Also, since new contributors are most likely to modify the translation files, and the workflow needs to be approved for new contributors, it basically means the workflow won't work before someone with permission to approve workflows looks at the PR, which defeats the point of having a bot detect the unwanted changes.

Steps to reproduce

  1. Be a new contributor, make a PR modifying files in lang/po.
  2. The bot does not warn about the unwanted changes.

Expected behavior

The resource not accessible error should not happen, but I'm not sure what caused it.

Also, it would be nice to have this particular workflow run without approval, but it may introduce security vulnerabilities due to the bot's ability to post comments and it could be made to execute other malicious code.

Screenshots

No response

Versions and configuration

Not applicable

Additional context

No response

@Qrox Qrox added the (S1 - Need confirmation) Report waiting on confirmation of reproducibility label Jul 7, 2022
BrettDong (Member) commented

A workflow triggered by a pull_request event runs in the head branch from the pull request author. It's an untrusted environment so the GitHub API token has read-only permission and cannot perform "write" activities like leaving a comment.

https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/

Pull requests from public forks are still considered a special case and will receive a read token regardless of these settings.

@BrettDong BrettDong added Organization General development organization issues Code: Tests Measurement, self-control, statistics, balancing. and removed (S1 - Need confirmation) Report waiting on confirmation of reproducibility labels Jul 7, 2022
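
Added example, not part of the thread and not the project's own workflow or its eventual fix: one way to let a bot comment on fork pull requests that touch lang/po without running any pull request code with a write token. The file name, job name and comment text are assumptions.

```yaml
# .github/workflows/detect-po-changes.yml (hypothetical file name)
name: Detect translation file changes

on:
  # pull_request_target uses the workflow definition from the base branch,
  # so the token is not forced to read-only for pull requests from forks.
  # GitHub documents that these runs are not held for first-time-contributor
  # approval, because the base branch is treated as trusted.
  pull_request_target:
    paths:
      - 'lang/po/**'

# Grant only the scope needed to post the comment; every scope not listed
# here is set to none for this workflow.
permissions:
  pull-requests: write

jobs:
  warn:
    runs-on: ubuntu-latest
    steps:
      # Deliberately no actions/checkout step: nothing from the pull request
      # head is fetched, built or executed while the write token is present.
      # The paths filter above already did the detection.
      - name: Comment on the pull request
        uses: actions/github-script@v7
        with:
          script: |
            // The comment body is a fixed string (constructed for this
            // example); no pull request title, branch name or file content
            // is interpolated into the script.
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: 'This pull request modifies files under lang/po.'
            });
```

The same trigger becomes dangerous as soon as a step checks out or runs the pull request head, since that code would then execute with the write token.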