Any PR with "dangerous" edits should be considered dangerous (mdn#3200)

* Any PR with "dangerous" edits should be considered dangerous

Fixes mdn#2985

* try again

* no need for it being a pull_request_target

* only on mdn/content

* repository_owner

* repository_owner

* dbg

* must be pull_request_target

* comment out

* more small edits

* rename

.github/workflows/system-file-changes.yml

@@ -0,0 +1,35 @@
+name: System file changes
+
+on:
+  pull_request_target:
+    paths:
+      - '.github/workflows/**'
+      - '.github/CODEOWNERS'
+      - '.github/dependabot.yml'
+      - 'pr-lint/**'
+      - 'scripts/**'
+      - package.json
+      - yarn.lock
+
+jobs:
+  triage:
+    # This make sure it only runs on our origin repo
+    # and make an exception for Dependabot.
+    if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Stop anything and everything
+        run: |
+          # echo "Any PR that edits these files should break the build and expect admin overrides"
+          echo "PR user?"
+          echo ${{ github.event.pull_request.user.login }}
+          echo "PR actor?"
+          echo ${{ github.actor }}
+          echo "Repository owner?"
+          echo ${{ github.repository_owner }}
+          echo ${{ github.event.pull_request }}
+
+          # XXX This is temporarily commented out until we understand better
+          # how to actually works. We need to test what happens when
+          # PRs on forks come in that edit any of these files.
+          # exit 1