Shortly after minimizing the new authors check to one workflow, github
released an action update that required more permissions due to an
attack scenario, which didn't really apply to us as we didn't run code
from the remotes fork.
However, to avoid extending permissions, rework the authors check to
pull the OISF repo, checkout the PR fork as history, then do the new
authors check. This safely allows the check to run in the context of our
repo without the fork being able to inject code execution.