Github workflows: Only upload to pypi in upstream repo

This is not a security measure: it makes testing the CD/release workflow
(at least the non-pypi-upload parts) in a fork a little easier as the pypi
upload is skipped.

This does make testing the pypi upload even more difficult but maybe
that is acceptable?

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>

Author: jku

.github/workflows/cd.yml

@@ -82,6 +82,8 @@ jobs:
           path: dist
 
       - name: Publish binary wheel and source tarball on PyPI
+        # Only attempt pypi upload in upstream repository
+        if: github.repository == 'theupdateframework/python-tuf'
         uses: pypa/gh-action-pypi-publish@37f50c210e3d2f9450da2cd423303d6a14a6e29f
         with:
           user: __token__