Feat/add workflow preview prs

[f-hollow]

Description

This PR adds final fixes for workflows to preview PRs.

As can be seen below, the code has been thoroughly tested, so I will merge it without reviews.

Related

• Issues:
  • Is there an easy way to preview the new article? #43
• Pull requests:
  • Feat/add workflow preview prs #348
  • feat: add separate workflows to build and deploy preview pr #359

Testing

Testing was done in this PR in a fork.

Among other tests, attempts were made to expose the secrets:

      - name: Debug output
        run: echo "AWS Key ${{ secrets.AWS_REGION }}"
        continue-on-error: true

      - name: List environment variables
        run: env
        continue-on-error: true

      - name: Log indirect secret
        run: echo "Prefix-${{ secrets.AWS_REGION }}-Suffix"
        continue-on-error: true

The attempts were unsuccessful, which corroborates the idea that it should be reasonably safe to have workflows for fork PRs that require access to secrets if such workflows use the events:

• pull_request for checking out and building potentially unsafe code from fork PR
• workflow_run for tasks that require access to repository secrets, such as deploying previews to an S3 bucket

For details, see Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

---

Checklist

Before submitting a Pull Request, please ensure the following:

• 🚨 This PR does not introduce breaking changes.
• All CI checks (GH Actions) pass.
• Documentation is updated as needed.
• Tests are updated or added as necessary.
• Code is well-commented, especially in complex areas.
• Git history is clean — commits are squashed to the minimum necessary.