re-think test.yml WRT usage in publish and cron

[jku]

We use test.yml workflow in multiple ways:

• in cron: this warns maintainers if repository is not operational or if metadata in it expires too soon
• in publish: this prevents merging changes that break the repo

The issue is that both cases use the same input values for the test action, in particular:

• valid_days (how many days into future the repository must be valid)
• offline_valid_days(how many days into future the offline metadata must be valid)

for the publish case we probably should use 0 for both cases

[jku]

Issue came up in https://github.com/sigstore/root-signing-staging/issues/179

[jku]

There is a few ways to fix this:

• add an input to the workflow (e.g. test_future_validity) and ensure that this somehow works in cron jobs
  • this has the issue that you can't set default input values for cron... so you still need the actual defaults in environment variables or code
• or stop reusing the workflow and instead call the action directly from publish (this was originally unappealing since we then have to also call custom-test.yml in the root-signing case, so publish becomes more complicated)
• or check if we're running in cron and only then assume we want to test future validity... this feels a bit magical

[jku]

I think the last one is reasonable:

• it means no changes to actions or the template

• but means complicated input args in root-signing:

    # when workflow is reused in publish.yml, do not require future validity
    valid_days:  ${{ github.event_name == 'workflow_call' && 0 || 3 }}

It's really ugly but maybe acceptable..