The d-bis/cross-chain-pmm-lps repo is now public on Gitea, so we can
shallow-clone it anonymously in the validate step without any token
plumbing. Drops the actions/checkout@v4 + GITHUB_TOKEN approach that
failed because the built-in Actions token is scoped to the running
repo only.
Anonymous git clone of the private d-bis/cross-chain-pmm-lps repo hangs
on the Gitea runner waiting for credentials. Use actions/checkout@v4
with `repository`, `path`, and `token: secrets.GITHUB_TOKEN` so the
in-org runner token handles auth cleanly in both deploy-to-phoenix.yml
and validate-on-pr.yml.
The validate job in deploy-to-phoenix.yml (and validate-on-pr.yml) relies on
cross-chain-pmm-lps/config/*.json for the cW* mesh matrix and deployment
rules checks, but actions/checkout@v4 does not initialize submodules.
.gitmodules mixes Gitea HTTPS and git@github.com: SSH URLs, so blanket
'submodules: recursive' isn't safe on the runner either.
- Add a pre-step to each validate job that shallow-clones
https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git into
./cross-chain-pmm-lps/ when deployment-status.json isn't present.
Idempotent: no-op on hosts that already have the submodule.
- Harden run-all-validation.sh step 3/3b to degrade gracefully with a
clear skip message when deployment-status.json is absent, so local
runs without the submodule don't false-fail.
Fixes the pre-existing validation failure (runs 132-137) that was
blocking the new deploy-atomic-swap-dapp job from triggering.
