fix(ci): use URL-embedded token for cross-repo clone

actions/checkout@v3's Basic auth header fails with 403 Forbidden when
accessing a different private repository (CR_PAT only works for the
current repo's scope via that method).

Switch to a plain git clone with the token embedded in the HTTPS URL,
which matches how previous builds successfully cloned schwab-scraper.

.gitea/workflows/build.yaml

@@ -15,13 +15,14 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Checkout schwab-scraper
+      - name: Clone schwab-scraper
-        uses: actions/checkout@v3
+        run: |
-        with:
+          mkdir -p vendor
-          repository: b3nw/schwab-scraper
+          # Use URL-embedded token for cross-repo access (CR_PAT has registry
-          path: vendor/schwab-scraper
+          # scope; actions/checkout@v3's Basic auth header fails with 403).
-          token: ${{ secrets.CR_PAT }}
+          git clone --depth=1 --branch main \
-          ref: main
+            "https://${{ gitea.actor }}:${{ secrets.CR_PAT }}@gitea.ext.ben.io/b3nw/schwab-scraper.git" \
+            vendor/schwab-scraper
 
       - name: Login to Gitea Container Registry
         uses: docker/login-action@v2