Add foreman_rh_cloud CI tests to catch breaking changes early

[jeremylenz]

This adds a new non-blocking workflow that runs foreman_rh_cloud tests against Katello PRs. This will help catch breaking changes before they are merged, similar to how Foreman tests Katello.

The workflow is non-blocking (indicated by the workflow name) so foreman_rh_cloud test failures won't prevent Katello PRs from merging, but developers will be notified of potential issues.

Summary by Sourcery

CI:

• Introduce a non-blocking GitHub Actions workflow that runs the shared foreman_plugin pipeline against the foreman_rh_cloud repository for master and KATELLO-* branches.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• Consider narrowing the pull_request trigger (e.g., using paths or specific branches) if running dependent plugin tests on every PR is unnecessary, to avoid wasting CI resources.
• The concurrency.group key is just ${{ github.ref_name }}-dependent-plugins; if other workflows use a similar pattern, you may want to include the workflow name or file name to avoid unintended cross-workflow cancellations.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider narrowing the `pull_request` trigger (e.g., using `paths` or specific branches) if running dependent plugin tests on every PR is unnecessary, to avoid wasting CI resources.
- The `concurrency.group` key is just `${{ github.ref_name }}-dependent-plugins`; if other workflows use a similar pattern, you may want to include the workflow name or file name to avoid unintended cross-workflow cancellations.

## Individual Comments

### Comment 1
<location path=".github/workflows/dependent_plugins.yml" line_range="5-12" />
<code_context>
+  group: ${{ github.ref_name }}-dependent-plugins
+  cancel-in-progress: true
+
+jobs:
+  foreman_rh_cloud:
+    name: foreman_rh_cloud
+    uses: theforeman/actions/.github/workflows/foreman_plugin.yml@v0
</code_context>
<issue_to_address>
**🚨 suggestion (security):** Workflow is missing an explicit permissions block, which defaults to broad write access.

GitHub Actions issues a broad token by default. Please add a top-level `permissions:` block and restrict it to the minimum needed (likely `contents: read`, unless this reusable workflow requires more) to limit impact if a job step is compromised.

```suggestion
  push:
    branches:
      - 'master'
      - 'KATELLO-*'

permissions:
  contents: read

concurrency:
  group: ${{ github.ref_name }}-dependent-plugins
  cancel-in-progress: true
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[evgeni]

This won't checkout the Katello PR, so won't test what you wanted to test.

(No, I have no idea how to quickly implement what you want)

[evgeni]

Let's see if theforeman/foreman_rh_cloud#1157 helps

[evgeni]

@jeremylenz okay, that seems to work, but I thought rh cloud is busted right now?

[jeremylenz]

I thought rh cloud is busted right now?

theforeman/foreman_rh_cloud#1156 should theoretically have un-busted it.