CI: fix maven-settings-xml-action for PRs from outside the repo

[rursprung]

whenever a PR does not originate from a branch within this repo the CI fails:

Run whelk-io/maven-settings-xml-action@v21
[xmldom error]	invalid doc source 
@#[line:0,col:undefined]
Error: Cannot read properties of undefined (reading 'nodeType')

accordingly the tests are not being executed. this has never worked in this repo and needs to be fixed.

[filipelautert]

Hey @rursprung this a security measure: if we ran tests from any repo PR our secrets may be exposed by malicious code by unknow people. That's why we only run test from trusted contributors that have commit access like you, and for the other ones we need to "Approve" before running them.

[rursprung]

but it crashes instead of just waiting for approval (there's a dedicated approval step) - so i still think this is a bug.
if you check e.g. this workflow run you can see that it passed the "authorize" step.

also, this has always crashed, even when you approved it.

there are also some built-in measures in GitHub to deal with action runs for outside contributors, see their docs. this might be a better approach than just crashing the script?