"Preview" job fails for users without write access

[dmcardle]

I've seen this a few times. Most recently, when I pushed to PR #147, the "Preview" job failed here, with an apparent permissions error[^1]. It really confused me at first that we were deploying for each PR, but this does seem to be intentional. It looks like preview.yml deploys the HTML artifacts to a a directory based on the PR number, so we're not clobbering the tip-of-tree build like I was afraid of. Still, the undesirable effect is that PRs from users without write access are guaranteed to fail CI.

Maybe we should just convert the "Preview" job to a "Validate" job and skip the deployment to the gh-pages branch? Pushes to main should still be covered by build.yml.

As for the little "preview" links that get edited into PR descriptions — those actually come from the "pr-preview" bot[^2] and the previews are hosted on AWS. I think it's completely distinct from the preview.yml.

[^1]: For posterity, here's the error message:

    $ git push --force-with-lease origin "gh-pages"
      remote: Permission to patcg-individual-drafts/private-aggregation-api.git denied to github-actions[bot].
      fatal: unable to access 'https://github.com/patcg-individual-drafts/private-aggregation-api.git/': The requested URL returned error: 403
    {
      message: 'Command `git push --force-with-lease origin "gh-pages"` failed with exit code: 128.',
      stdout: '',
      stderr: 'remote: Permission to patcg-individual-drafts/private-aggregation-api.git denied to github-actions[bot].\n' +
        "fatal: unable to access 'https://github.com/patcg-individual-drafts/private-aggregation-api.git/': The requested URL returned error: 403",
      code: 128
    }

[^2]: