ci: mirror Playwright Docker image to GHCR to avoid MCR rate limits

[yamcodes]

Problem

The test-e2e job pulls mcr.microsoft.com/playwright:vX.Y.Z-noble at runtime. GitHub-hosted runners share IPs, so they hit MCR's unauthenticated pull rate limits — causing the job to fail with `toomanyrequests` or `unauthorized` errors before any tests run.

Solution

Since the repo is public, GHCR storage and bandwidth are free. The fix:

1. Add a sync-playwright-image workflow that triggers on changes to pnpm-workspace.yaml (where the Playwright version is pinned), pulls from MCR, and pushes to ghcr.io/yamcodes/arkenv/playwright:vX.Y.Z-noble
2. Update test.yml line 103 to reference the GHCR image instead of MCR

Authentication to GHCR is automatic via GITHUB_TOKEN — no secrets needed. The sync runs once per version bump, so test-e2e never touches MCR again.

Alternative

Drop the container entirely and install Playwright browsers directly on the runner (npx playwright install --with-deps), as test-windows and test-macos already do. Adds ~1–2 min to the job but removes the external dependency completely.

---

Discovered in https://github.com/yamcodes/arkenv/actions/runs/22263697708/job/64405867280 (#806)