Remove dependabot restriction #258

Draft: emcfarlane wants to merge 1 commit into main from ed/removeDependabot
@emcfarlane (Collaborator) commented Mar 12, 2026

Previously dependabot PRs were skipped as secret access was restricted. GitHub has since added dependabot secrets, making the blanket skip unnecessary and actively harmful to users that depend on private BSR modules during dependabot PRs.

The guard is redundant because the action already handles this correctly without it:

  • login() skips gracefully when no token is provided, so dependabot runs without a configured BUF_TOKEN behave identically to before.
  • push and archive default to false for pull_request events (which dependabot triggers), so there is no risk of accidental publishing.
  • pr_comment has a fork check built into its default expression.
  • lint, format, and breaking default to true on PRs, which is correct behavior for dependabot PRs as well.

The only behavioral change is for users who have configured a BUF_TOKEN dependabot secret: those runs will now log in to the BSR, allowing buf to resolve private dependencies. Users without a dependabot secret see no change.

Closes #255
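
Added example (not part of the pull request or the project's own files): a workflow in which the change described above takes effect, with least-privilege `GITHUB_TOKEN` permissions and a check that reports whether a token was available without printing it. The action reference `bufbuild/buf-action@v1`, its `token` input, `actions/checkout@v4`, and the workflow, job and step names are assumptions; only the secret name `BUF_TOKEN` comes from the description.

```yaml
# Added example, not the project's own workflow.
name: buf-ci                      # assumed name
on:
  pull_request:                   # the event Dependabot PRs trigger

# Grant GITHUB_TOKEN only what the job needs.
permissions:
  contents: read
  pull-requests: write            # only needed if the PR comment is wanted

jobs:
  buf:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4 # assumed version

      # On a Dependabot-triggered run, the secrets context is populated from
      # the repository's Dependabot secrets, not its Actions secrets. If no
      # Dependabot secret named BUF_TOKEN exists, the expression is empty.
      - name: Report token availability (never the value)
        env:
          ACTOR: ${{ github.actor }}
          HAS_TOKEN: ${{ secrets.BUF_TOKEN != '' }}
        run: echo "actor=$ACTOR buf_token_present=$HAS_TOKEN"

      - uses: bufbuild/buf-action@v1   # assumed action reference
        with:
          # Empty on runs without the secret; the description states that
          # login is then skipped. push and archive are left at their
          # defaults, which the description gives as false for pull_request.
          token: ${{ secrets.BUF_TOKEN }}
```

A `BUF_TOKEN` stored only as an Actions secret is not visible to Dependabot-triggered runs; it has to be added separately under the repository's Dependabot secrets.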

Successfully merging this pull request may close this issue: Allow Dependabot to log in