workflows: chown workspace before checkout in all repo-runner jobs

The self-hosted 'repository' runner pool is shared across workflows
(and across runs of the same workflow). Several jobs already pre-chown
$GITHUB_WORKSPACE back to the runner user before actions/checkout@v6
fires — update-repository, Sync, Index — precisely because prior sudo
operations on tools/repository/repo.sh output can leave root-owned
files in the workspace. Checkout's default clean: true then fails
with EACCES unlink when it hits one:

  Error: File was unable to be removed Error: EACCES: permission denied,
  unlink '/home/actions-runner-23/_work/armbian.github.io/armbian.github.io/build/.coderabbit.yaml'

Copying and prepare-repos in the caller workflow, and postclean in
the reusable download-external workflow, were the three remaining
repo-runner jobs missing this guard. Add the same 'Fix workspace
ownership' step to each. Makes workspace state robust to whatever
the previous job left behind, without having to reason about which
specific sudo op produced the root-owned file.

Author: igorpecovnik

.github/workflows/infrastructure-download-external.yml

@@ -152,6 +152,18 @@ jobs:
     runs-on: repository
     steps:
 
+      # Pre-chown before checkout. The Purge step below runs sudo
+      # against /publishing/repository-debs and against the runner's
+      # workspace-relative tools/repository/repo.sh output — both can
+      # leave root-owned files under $GITHUB_WORKSPACE, so a later
+      # non-root actions/checkout@v6 with clean: true (in the caller
+      # workflow's Copying job) fails with EACCES. Reclaim ownership
+      # first so the workspace is always deletable by the runner user.
+      - name: Fix workspace ownership
+        if: always()
+        run: |
+          sudo chown -R "$(id -u)":"$(id -g)" "$GITHUB_WORKSPACE" || true
+
       - name: Checkout build repository
         uses: actions/checkout@v6
         with:

.github/workflows/infrastructure-repository-update.yml

@@ -78,6 +78,20 @@ jobs:
     runs-on: repository
     steps:
 
+      # Reclaim workspace before the later actions/checkout@v6 runs
+      # with clean: true. The self-hosted `repository` runner pool is
+      # shared across workflows, and any previous run that left
+      # root-owned files under $GITHUB_WORKSPACE (e.g. the reusable
+      # download-external workflow's postclean, which runs sudo
+      # operations on the repo tree) would trip checkout's unlink
+      # with EACCES on files like build/.coderabbit.yaml. Same
+      # defensive chown the update-repository / Sync / Index jobs
+      # already do as their first step.
+      - name: Fix workspace ownership
+        if: always()
+        run: |
+          sudo chown -R "$(id -u)":"$(id -g)" "$GITHUB_WORKSPACE" || true
+
       - name: Delete empty folders in INCOMING_PATH
         run: |
 
@@ -193,6 +207,12 @@ jobs:
     needs: Copying
     runs-on: repository
     steps:
+      # See Copying's identical step for rationale.
+      - name: Fix workspace ownership
+        if: always()
+        run: |
+          sudo chown -R "$(id -u)":"$(id -g)" "$GITHUB_WORKSPACE" || true
+
       - name: Checkout build repository
         uses: actions/checkout@v6
         with: