cascading-runs: can only be triggered via G4WHelper-owned Check Runs

The cascading runs are supposed to be triggered by Check Runs that were
created and updated by the GitForWindowsHelper GitHub App.

Let's ensure that that's the case, lest an enterprisey attacker somehow
manages to trigger those cascading runs when they shouldn't trigger.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Author: dscho

GitForWindowsHelper/index.js

@@ -66,6 +66,7 @@ module.exports = async function (context, req) {
     try {
         const { cascadingRuns, handlePush } = require('./cascading-runs.js')
         if (req.headers['x-github-event'] === 'check_run'
+            && req.body.app?.slug === 'gitforwindowshelper'
             && req.body.repository.full_name === 'git-for-windows/git'
             && req.body.action === 'completed') return ok(await cascadingRuns(context, req))