Bump slash-command-dispatch and avoid running unverified commit in ok-to-test (#1756)

## Description

Bumps ok-to-test to v3. Plus fix the issue where someone might  have been able to run unverified code if they push between commenting `/ok-to-test` and the job starting.

## Type of change

<!--- Please check the type of change your PR introduces: --->
- [ ] 🌻 Feature
- [ ] 🐛 Bugfix
- [ ] 🗺️ Documentation
- [ ] 🤖 Test
- [x] 💻 CI/Deployment
- [ ] 🐹 Trivial/Minor

## Issue(s)

<!-- Can reference multiple issues. Use one of the following "magic words" - "closes, fixes" to auto-close the Github issue. -->
* https://github.com/alcionai/corso/pull/1651

## Test Plan

<!-- How will this be tested prior to merging.-->
- [x] 💪 Manual
- [ ] ⚡ Unit test
- [ ] 💚 E2E

.github/workflows/ci.yml

@@ -239,17 +239,29 @@ jobs:
       run:
         working-directory: src
     steps:
-      - name: Fail check
+      - name: Fail check if not repository_dispatch
         if: github.event_name != 'repository_dispatch'
         run: |
           echo "Workflow requires approval from a maintainer to run. It will be automatically rerun on approval."
           exit 1
 
+      - uses: marocchino/sticky-pull-request-comment@v2
+        if: github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)
+        with:
+          message: |
+            Workflow run sha specified via `ok-to-test` is not the latest commit on PR. Run canceled.
+
+      - name: Fail check if not head of PR
+        if: github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)
+        run: |
+          echo "Workflow run sha specified is not the latest commit on PR. Exiting."
+          exit 1
+
       # add comment to PR with link to workflow run
       - uses: marocchino/sticky-pull-request-comment@v2
         with:
           message: |
-            https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
+            Test suite run will be available at https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
 
       # Check out merge commit
       - name: Fork based /ok-to-test checkout

.github/workflows/ok-to-test.yml

@@ -19,7 +19,7 @@ jobs:
           private_key: ${{ secrets.PRIVATE_KEY }}
 
       - name: Slash Command Dispatch
-        uses: peter-evans/slash-command-dispatch@v1
+        uses: peter-evans/slash-command-dispatch@v3
         env:
           TOKEN: ${{ steps.generate_token.outputs.token }}
         with:
@@ -27,5 +27,4 @@ jobs:
           reaction-token: ${{ secrets.GITHUB_TOKEN }}
           issue-type: pull-request
           commands: ok-to-test
-          named-args: true
           permission: write