fix: run generate workflow only on main (separates PR testing from write operations)

[Gen1us1100]

This changes generate.yml so it only runs when code is pushed to main.

Currently, the workflow could run on PR branches and attempt to push regenerated files, which is blocked for Dependabot and other read‑only PRs.

By limiting it to push on main, we:

-- keep PR workflows read‑only (only build and test), -- avoid bots committing back to PR branches, and -- still ensure generated files are updated on main after merges.

This separates testing from write operations and aligns the workflow with GitHub best practices.

[Gen1us1100]

I’m new to GitHub workflows and opened this PR after researching how Dependabot and PR workflows interact. My goal is to move the write steps in generate.yml so they only run on main, which seems to be the safer and cleaner approach. If there’s a better way to handle this, I’m happy to adjust or close the PR. I’m mostly looking to learn and help.