GH Actions: special case Dependabot PRs for Coveralls

Follow up on PR 468.

Turns out Dependabot PRs do not have access to secrets with the exception of (read-only) access to the `GITHUB_TOKEN`.

As the coverage test runs and the Coveralls status are required builds, this blocks Dependabot PRs from being merged without overruling the required statuses.

As I'd like to avoid that situation, I'm special casing Dependabot PRs for the token selection.

Refs:
* lemurheavy/coveralls-public#1721
* https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#responding-to-events

.github/workflows/test.yml

@@ -366,7 +366,9 @@ jobs:
       - name: Upload coverage results to Coveralls
         if: ${{ success() }}
         env:
-          COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_TOKEN }}
+          # Dependabot does not have access to secrets, other than the GH token.
+          # Ref: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+          COVERALLS_REPO_TOKEN: ${{ github.actor != 'dependabot[bot]' || "secrets.COVERALLS_TOKEN" && "secrets.GITHUB_TOKEN" }}
           COVERALLS_PARALLEL: true
           COVERALLS_FLAG_NAME: php-${{ matrix.php }}-phpcs-${{ matrix.phpcs_version }}
         run: php-coveralls -v -x build/logs/clover.xml
@@ -381,5 +383,7 @@ jobs:
       - name: Coveralls Finished
         uses: coverallsapp/github-action@v2
         with:
-          github-token: ${{ secrets.COVERALLS_TOKEN }}
+          # Dependabot does not have access to secrets, other than the GH token.
+          # Ref: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+          github-token: ${{ github.actor != 'dependabot[bot]' || "secrets.COVERALLS_TOKEN" && "secrets.GITHUB_TOKEN" }}
           parallel-finished: true