/git-artifacts and /release need to be more careful when looking for runs

The `/git-artifacts` and `/release` slash commands need to look for
`tag-git` and `git-artifacts` Check Runs, respectively. However, those
Check Runs could potentially be created via regular PR workflow runs
that are triggered by PRs opened by untrusted users.

Let's make sure that these slash commands only ever look for Check Runs
that were triggered by the GitForWindowsHelper GitHub App.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Author: dscho

GitForWindowsHelper/slash-commands.js

@@ -289,6 +289,7 @@ module.exports = async (context, req) => {
                 'tag-git'
             )
             const latest = runs
+                .filter(run => run.app?.slug === 'gitforwindowshelper')
                 .sort((a, b) => a.id - b.id)
                 .pop()
             if (latest && latest.status === 'completed' && latest.conclusion === 'success') {
@@ -411,7 +412,7 @@ module.exports = async (context, req) => {
                         workflowName
                     )
                     const latest = runs
-                        .filter(run => run.output.summary.indexOf(` from commit ${commitSHA} ` > 0))
+                        .filter(run => run.app?.slug === 'gitforwindowshelper' && run.output.summary.indexOf(` from commit ${commitSHA} ` > 0))
                         .sort((a, b) => a.id - b.id)
                         .pop()
                     if (latest) {