Fix submodule auth in upload workflows

[RisingOrange]

The upload-to-ankiweb and upload-to-s3 child jobs were failing when called from the create-release workflow. Both jobs run bash ./scripts/release.sh, which calls build.py, which calls git submodule update --init --recursive. This failed for the private ankihub_web submodule because the checkout step had no credentials configured.

Related issues

• N/A

Proposed changes

• Add token: ${{ secrets.WORKFLOW_GIT_ACCESS_TOKEN }} and submodules: recursive to the actions/checkout step in both upload_to_ankiweb.yml and upload_to_s3.yml, matching the pattern already used in create_release.yml
• Declare WORKFLOW_GIT_ACCESS_TOKEN in the workflow_call.secrets block of both workflows so the dependency is explicit
• Bump upload_to_s3.yml from actions/checkout@v2 to @v4

How to reproduce

Trigger the Create Release workflow — the child upload-to-ankiweb and upload-to-s3 jobs would fail at the "Create ankiaddon file" step with fatal: could not read Username for 'https://github.com' followed by error: File not found: media_import/requirements.txt.

Screenshots and videos

N/A

Further comments

The create_release job was already working because it had token + submodules: recursive in its checkout step. The child workflows were missing this, so build.py's git submodule update had no credentials and failed on the private submodule.

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.