[x] Short/medium-term: move the Codecov upload step to a separate dependent job so when it fails it can be restarted without having to re-run the test suite
[ ] Long-term: move the Codecov upload step to a separate dependent workflow that is able to access repository secrets so that a dedicated Codecov auth token can be used (as opposed to relying on the GHA "no tokens needed" default we have now, which is likely what's being causing the failures)
Problem
Solution