fix: remove context 2 events mappings

client_paylaod (dispatch), commits (push), head_commit (push) and
merge_group are not under external attacker control so remove them

Author: Alvaro Muñoz

ql/lib/ext/config/context_event_map.yml

@@ -40,14 +40,10 @@ extensions:
       - ["workflow_run", "github.event.workflow_run"]
       - ["workflow_run", "github.event.changes"] 
       # workflow_call receives the same event payload as the calling workflow
-      - ["workflow_call", "github.event.client_payload"]
       - ["workflow_call", "github.event.comment"] 
-      - ["workflow_call", "github.event.commits"]
       - ["workflow_call", "github.event.discussion"]
-      - ["workflow_call", "github.event.head_commit"]
       - ["workflow_call", "github.event.inputs"]
       - ["workflow_call", "github.event.issue"] 
-      - ["workflow_call", "github.event.merge_group"] 
       - ["workflow_call", "github.event.pages"] 
       - ["workflow_call", "github.event.pull_request"] 
       - ["workflow_call", "github.event.review"]