Pass license file to a runner when a workflow is triggered

Our Github Actions workflows include tests for integrations with external solvers. One of these external solvers requires a license file that would need to be passed to the workflow. We have a community license file, but we would like to restrict view access to that license to the members of our organization while still allowing pull requests from forks (internal or external to organization) to run the workflows.

Is there a way to do this?

The only option I can think of right now is to use a repo secret to store the license file.  However, because there is no way to prevent untrusted from reading secrets sent to a workflow we do not provide repo secrets to workflow runs triggered by pull requests from repo forks.