Show a warning in workflow runs suspect of building in the publish job

[webknjaz]

Previously, I didn't know if it's possible to detect. However, I just occurred to me that this can be inferred from the environment state. I think that we should be able to inspect the presence of other actions being checked out on disk to see if there's anything beyond pypa/gh-action-pypi-publish and actions/download-artifact present in the actions cache directory.

[webknjaz]

I just realized that it's as simple as detecting the presence of .git/ in CWD. Somebody downloading artifacts from another job wouldn't use actions/checkout and so there wouldn't be a Git repository in the first place. #363 is what inspired me with this idea.