Dependabot PRs do not have access to regular repository secrets
(KETRYX_PROJECT, KETRYX_API_KEY) due to GitHub security restrictions.
This is by design to prevent malicious dependency updates from
accessing sensitive information.

This change skips the ketryx_report_and_check job when the PR
is opened by dependabot[bot]. All other CI checks (lint, audit,
test, codeql) still run normally for Dependabot PRs.

The Ketryx compliance report will still be generated when the PR
is merged to main, so no compliance tracking is lost.

Fixes issue where PR #379 (dependabot) fails with:
'Missing input project' error

Related to successful PR #380 (user-opened) which has access
to all secrets.