Conditional JSR token auth for PR publishing

Configure deno publish to use JSR_TOKEN for pull_request_target events
while maintaining the existing behavior for other events. This ensures
proper authentication when publishing from external pull requests.

[ci skip]