Use safer way to determine login for dependabot bot automerge

Author: colindean

.github/workflows/dependabot-automerge.yaml

@@ -8,7 +8,7 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
     steps:
       - name: Dependabot metadata
         id: metadata