fix(ci): resolve nightly workflow permission error (#230)

The nightly workflow was failing validation because test.yml declared
`checks: write` at the workflow level. When a reusable workflow declares
permissions, the caller must grant them. Scheduled runs have limited
permissions and cannot grant `checks: write`, causing validation to fail
before any code runs.

Changes:
- Remove `permissions` block from test.yml so it inherits from caller
- Add `checks: write` to nightly.yml (granted for manual runs, ignored
for scheduled runs which have limited permissions)
- Add workflow_dispatch input to optionally enable coverage annotation
- Make skip_coverage_annotation dynamic: always true for scheduled runs,
configurable for manual runs

---------

Co-authored-by: Claude <[email protected]>

Author: deviantintegral

.github/workflows/nightly.yml

@@ -4,13 +4,20 @@ on:
   schedule:
     # Run every Monday at 12 AM UTC
     - cron: '0 0 * * 1'
-  workflow_dispatch: # Allow manual trigger
+  workflow_dispatch:
+    inputs:
+      skip_coverage_annotation:
+        description: 'Skip coverage annotation'
+        required: false
+        default: true
+        type: boolean
 
 permissions:
   contents: read
+  checks: write
 
 jobs:
   test:
     uses: ./.github/workflows/test.yml
     with:
-      skip_coverage_annotation: true
+      skip_coverage_annotation: ${{ github.event_name == 'schedule' || inputs.skip_coverage_annotation }}

.github/workflows/test.yml

@@ -9,10 +9,6 @@ on:
         default: false
         type: boolean
 
-permissions:
-  contents: read
-  checks: write
-
 jobs:
   tests:
     name: Tests (PHP ${{ matrix.php }})