Adapt pull request workflow to work properly for PRs from forked repositories

[OptimumCode]

As I recently discovered the secrets are not available in workflows triggered from forked repositories:

With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.

https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow

There is a suggestion on what can be done to mitigate this.

We need to split workflows into parts that execute code from forked repositories (which don't need access to secrets) and that process the results (e.g. publishing coverage report)