fix: add debug workflow to verify checkout issue

- Add minimal debug workflow to security-scanning.yml
- Test actions/checkout@v4 vs manual git clone
- Verify repository context before and after checkout
- Add package.json detection and npm install test
- Prepare manual clone fallback if checkout fails

.gitea/workflows/security-scanning.yml

@@ -1,13 +1,31 @@
-name: security
+name: debug
 
 on:
-  push:
   workflow_dispatch:
 
 jobs:
-  audit:
-    runs-on: debian 
+  debug:
+    runs-on: debian
+
     steps:
-      - uses: actions/checkout@v4
-      - run: npm install
-      - run: npm audit || true
+      - name: DEBUG BEFORE CHECKOUT
+        run: |
+          echo "=== BEFORE ==="
+          pwd
+          ls -la
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: DEBUG AFTER CHECKOUT
+        run: |
+          echo "=== AFTER ==="
+          pwd
+          ls -la
+
+      - name: Find package.json
+        run: |
+          find . -name package.json || true
+
+      - name: Install deps
+        run: npm install --legacy-peer-deps