Label on approved is running with wrong permissions

pull_request_review might not grant required permissions. pull_request_target runs in the context of the base repository (i.e., the one the PR is targeting),
giving the correct access to secrets and permissions.

.github/workflows/pr-label-on-approved.yml

@@ -1,5 +1,5 @@
-on: pull_request_review
-name: Label approved pull requests
+name: "Label approved pull requests"
+on: pull_request_target
 
 permissions:
   contents: read          # Required for checking changed files
@@ -9,10 +9,10 @@ permissions:
 jobs:
   labelWhenApproved:
     if: ${{ github.repository_owner == 'armbian' }}
-    name: Label when approved
+    name: "Label when approved"
     runs-on: ubuntu-latest
     steps:
-    - name: Label when approved
+    - name: "Label when approved"
       uses: pullreminders/label-when-approved-action@master
       env:
         APPROVALS: "1"