[Bug-fix] dependabot jobs failing from wrong claim (#7173)

Dependabot workflows have been failing since 12-11-2025 (the last change to this file) due to 
```
Attempt 1 failed. Error: HTTP error! status: 403, {"code":7,"message":"trust policy: claim \"job_workflow_ref\" did not match \"^DataDog/dd-trace-js/.github/workflows/dependabot-automation.yml@refs/heads/master$\"","details":[]}
```
The JWT in the error logs have claim: "job_workflow_ref": "DataDog/dd-trace-js/.github/workflows/dependabot-automation.yml@refs/pull/{number}/merge", while the [policy](https://github.com/DataDog/dd-trace-js/edit/master/.github/chainguard/dependabot-automation.sts.yaml) only accepts "^DataDog/dd-trace-js/.github/workflows/dependabot-automation.yml@refs/heads/master$\".

Author: d-niu

.github/chainguard/dependabot-automation.sts.yaml

@@ -3,7 +3,7 @@ issuer: https://token.actions.githubusercontent.com
 subject: repo:DataDog/dd-trace-js:pull_request
 
 claim_pattern:
-  event_name: pull_request
+  event_name: pull_request_target
   ref: refs/heads/master
   ref_protected: "true"
   job_workflow_ref: DataDog/dd-trace-js/.github/workflows/dependabot-automation.yml@refs/heads/master