ci: Restrict deployment workflows to not run on forks

[matthewfeickert]

Description

• Restrict workflows involving deployment or repository specific secrets to to only run on the https://github.com/scikit-hep/pyhf/ repository and not forks.
• Also restrict workflows that run on nightly schedules so if there are failures it doesn't create noise on forks.

The motivation of this is to improve the developer experience of working on forks (which I'd like the devs to try to do too, not just contributors).

Checklist Before Requesting Reviewer

• Tests are passing
• "WIP" removed from the title of the pull request
• Selected an Assignee for the PR to be responsible for the log summary

Before Merging

For the PR Assignees:

• Summarize commit messages into a comprehensive review of the PR

* Restrict workflows involving deployment or repository specific secrets to
  to only run on the scikit-hep/pyhf repository and not forks.
* Also restrict workflows that run on nightly schedules so if there are
  failures it doesn't create noise on forks.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.23%. Comparing base (be9ee54) to head (10df187).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2617   +/-   ##
=======================================
  Coverage   98.23%   98.23%           
=======================================
  Files          65       65           
  Lines        4198     4198           
  Branches      592      592           
=======================================
  Hits         4124     4124           
  Misses         45       45           
  Partials       29       29           

Flag	Coverage Δ
contrib	97.97% <ø> (ø)
doctest	98.09% <ø> (ø)
unittests-3.10	96.28% <ø> (ø)
unittests-3.11	96.28% <ø> (ø)
unittests-3.12	96.28% <ø> (ø)
unittests-3.13	96.28% <ø> (ø)
unittests-3.8	96.28% <ø> (ø)
unittests-3.9	96.33% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[matthewfeickert]

I'm going to add copilot as a reviewer just to see what it says out of curiosity.

[Copilot]

Pull Request Overview

This PR restricts CI/CD workflows to run only on the main scikit-hep/pyhf repository and not on forks, improving the developer experience by preventing deployment-related workflow failures on forked repositories.

Key Changes:

• Added repository checks to deployment workflows (release tests, docs deployment, Docker registry logins)
• Added repository checks to scheduled dependency testing workflows
• Added repository checks to Codecov reporting steps

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
.github/workflows/release_tests.yml	Prevents PyPI release workflow from running on forks
.github/workflows/docs.yml	Restricts GitHub Pages deployment to main repository only
.github/workflows/docker.yml	Prevents Docker registry login attempts on forks
.github/workflows/dependencies-head.yml	Restricts all nightly dependency test jobs to main repository
.github/workflows/ci.yml	Prevents Codecov reporting from forks

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}