@martinsaposnic
Contributor

Summary

Adds a workflow that triggers lightning-node E2E tests when PRs are opened against main.

How it works

  • Uses mdk-bot GitHub App for authentication (not PAT)
  • Sends repository_dispatch to lightning-node
  • lightning-node builds SDK from this PR and runs full E2E suite

Note

This PR itself won't trigger the E2E (workflow doesn't exist on main yet).
After merging, subsequent PRs will trigger E2E tests.

Uses mdk-bot GitHub App to trigger E2E tests in lightning-node
when PRs are opened against main.
@martinsaposnic force-pushed the feature/lightning-e2e-trigger branch from f678969 to 2ae6273 on January 15, 2026 17:30

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f678969829

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

}

// Success - redirect to checkout page
const checkoutUrl = new URL(`${result.data.checkoutPath}/${result.data.id}`, url.origin)

P2: Use sanitized checkoutPath for success redirect

The GET handler sanitizes checkoutPath to avoid open redirects, but the success redirect uses result.data.checkoutPath (derived from the original query params) instead of the sanitized value. This means a signed URL that includes an absolute or protocol-relative checkoutPath (e.g., https://evil.com) will still redirect off-site on success, reintroducing the open redirect risk the sanitizer is meant to prevent. If the server generates signed URLs with any user-influenced checkoutPath, that allows redirecting users to an attacker-controlled domain. Consider using the sanitized checkoutPath (or re-sanitizing result.data.checkoutPath) when building the success redirect.

Useful? React with 👍 / 👎.
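
The redirect behaviour described in the review comment above, as an added JavaScript example that is not part of this PR or the project's code. It shows how `new URL(path, base)` resolves absolute and protocol-relative inputs off-site, next to a hardened builder that re-sanitizes at the point of use. The function names, the `/checkout` fallback, the id encoding and the `https://shop.example` origin are assumptions.

```javascript
// Added illustration; names, the "/checkout" fallback and sample values are assumptions.
const DEFAULT_CHECKOUT_PATH = '/checkout';

// Accept only a site-relative path: one leading "/", no "//" or "/\" prefix
// (both resolve to another host), no backslashes or control characters.
function sanitizeCheckoutPath(raw) {
  if (typeof raw !== 'string') return DEFAULT_CHECKOUT_PATH;
  if (!/^\/(?![\/\\])/.test(raw)) return DEFAULT_CHECKOUT_PATH;
  if (/[\\\u0000-\u001f]/.test(raw)) return DEFAULT_CHECKOUT_PATH;
  return raw.replace(/\/+$/, '') || DEFAULT_CHECKOUT_PATH;
}

// Pattern flagged in the review: the unsanitized value is resolved against the origin.
// An absolute or protocol-relative input replaces the origin instead of extending it.
function buildRedirectUnsafe(checkoutPath, id, origin) {
  return new URL(`${checkoutPath}/${id}`, origin);
}

// Hardened form: re-sanitize at the point of use, encode the id, then confirm
// the resolved URL still has the site's origin before redirecting.
function buildRedirectSafe(checkoutPath, id, origin) {
  const path = sanitizeCheckoutPath(checkoutPath);
  const target = new URL(`${path}/${encodeURIComponent(id)}`, origin);
  if (target.origin !== new URL(origin).origin) {
    throw new Error('redirect target is off-site');
  }
  return target;
}

// Constructed inputs: one legitimate path and three off-site forms.
const SITE = 'https://shop.example';
for (const p of ['/pay', 'https://evil.com', '//evil.com', '/\\evil.com']) {
  const unsafe = buildRedirectUnsafe(p, 'abc123', SITE).origin;
  const safe = buildRedirectSafe(p, 'abc123', SITE).href;
  console.log(`${JSON.stringify(p)} unsafe origin=${unsafe} safe=${safe}`);
}
```

The final origin comparison is the check that holds even if the sanitizer misses a form, because it tests the URL the parser actually produced.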


jobs:
trigger-e2e:
runs-on: ubuntu-latest
Contributor

nit: For simple stuff like this ubuntu-slim is better

3 participants