Fix security scanning for fork-origin PRs

[sachinh-amazon]

Description of changes:

This PR addresses an issue for the security scanning workflow when new PRs are created from forks. The security scan workflow must check out out code from the PR branch and then run scans on it. However, for a fork-origin PR, the PR branch does not exist in the aws/code-editor repo, it only exists in the fork repo.

The scan workflow used to error out before as it was unable to find the PR branch. The current PR fixes that by relying on github.event.pull_request.head.sha when the workflow is invoked for a pull_request_target event.

Besides that, this PR also removes the prefix security- from role-session-name when assuming the AWS IAM role. This is because the role-session-name has a 64 character limit and a few PRs have failed on this step because the character limit was breached.

Testing

Tested out for fork-origin PR and for branch-origin PR in a fork:

1. Successful run for branch-origin PR: https://github.com/sachinh-amazon/code-editor/actions/runs/18190140321
2. Successful run for fork-origin PR: https://github.com/sachinh-amazon/code-editor/actions/runs/18189779024

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[chunqilu]

when will fork-origin PR and branch-origin PR be raised respectively?

[sachinh-amazon]

when will fork-origin PR and branch-origin PR be raised respectively?

@chunqilu it's up to the contributor to decide if they want to create a fork-origin PR or a branch-origin PR. We want to have that flexibility of being able to scan both types of PR.