Migrate public coverage publishing away from cross-repo pushes #428

@kvz

Description

Why

The current public coverage report publishing flow writes from transloadit/node-sdk into transloadit/node-sdk-coverage with an SSH deploy key. After enabling required verified commits, we added a signing workaround in #427, but that still leaves the workflow holding long-lived cross-repo credentials.

Considerations

  • Cross-repo pushes require extra credentials beyond the default GITHUB_TOKEN.
  • A compromised trusted main or scheduled workflow runner could use or exfiltrate those credentials.
  • Signing generated commits improves provenance, but it does not remove the cross-repo write capability.
  • GitHub Pages now supports Actions-based deployments from the same repository using short-lived token permissions: contents: read, pages: write, and id-token: write.
  • Same-repo Pages deployment avoids generated commits, deploy keys, bot signing keys, and a separate coverage repository.
  • The main tradeoff is URL shape: moving from https://transloadit.github.io/node-sdk-coverage/ to the same-repo project Pages URL, likely https://transloadit.github.io/node-sdk/, unless we keep a redirect or custom coverage URL.

Plan

  • Replace the cross-repo coverage checkout/push steps with actions/upload-pages-artifact and actions/deploy-pages.
  • Configure transloadit/node-sdk Pages source to GitHub Actions.
  • Remove COVERAGE_REPO_SSH_PRIVATE_KEY and COVERAGE_REPO_SIGNING_SSH_KEY from the workflow and repo secrets.
  • Verify the Pages deployment works from main.
  • Remove the obsolete transloadit/node-sdk-coverage repository after migration.
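The workflow below is an added example of what the Considerations and Plan above describe, not the node-sdk repository's own workflow: a same-repo GitHub Pages deployment using actions/upload-pages-artifact and actions/deploy-pages with only the short-lived token permissions contents: read, pages: write and id-token: write. The coverage script name (`npm run coverage`) and output directory (`coverage/lcov-report`) are assumptions, not taken from the issue; substitute the project's actual values.

```yaml
# Added example (not the node-sdk repository's own workflow): publish the
# coverage report to GitHub Pages from the same repository, replacing the
# cross-repo checkout/push steps and their deploy and signing keys.
# Assumptions (not from the issue): the HTML report is produced by
# `npm run coverage` into `coverage/lcov-report`.
name: Publish coverage report

on:
  push:
    branches: [main]
  workflow_dispatch:

# Start from no permissions; each job requests only what it needs.
permissions: {}

# Serialize Pages deployments so two runs never race.
concurrency:
  group: pages
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # checkout only; nothing in this job can write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci
      - run: npm run coverage            # assumed script name
      - uses: actions/configure-pages@v5
      - uses: actions/upload-pages-artifact@v3
        with:
          path: coverage/lcov-report     # assumed output directory

  deploy:
    needs: build
    runs-on: ubuntu-latest
    # No deploy key, no bot signing key, no generated commit: deploy-pages
    # exchanges the run's OIDC token (id-token: write) for a short-lived
    # Pages deployment, and the token dies with the job.
    permissions:
      pages: write
      id-token: write
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - id: deployment
        uses: actions/deploy-pages@v4
```

The repository's Pages source must be set to "GitHub Actions" before the deploy job will succeed, which is the second Plan item; once it deploys from main, COVERAGE_REPO_SSH_PRIVATE_KEY and COVERAGE_REPO_SIGNING_SSH_KEY have no remaining consumer and can be deleted. Splitting the build and deploy jobs means the job that runs project code (npm ci, the coverage script) never holds pages: write or id-token: write, and the github-pages environment can additionally be restricted to deployments from main.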
