Set up preview builds for branches and commits on push / open PR with GitHub Actions

[loftwah]

Description

We need automated preview builds for TecHub so that every open pull request and its commits are deployed as live previews on our DigitalOcean server using Kamal, kamal-proxy, and GitHub Actions.

This will replicate the Cloudflare Pages behaviour — ephemeral previews that exist only while a PR is open.

---

Acceptance Criteria

• On PR open → GitHub Actions builds Docker image, pushes to GHCR, and deploys via Kamal to the preview host (https://pr-<num>.preview.techub.life).

• On new commits pushed to the same branch → preview rebuilds automatically with the new image tag.

• On PR close / merge → preview container is removed and resources are freed.

• GitHub bot comment posts or updates a Markdown table with:

  Type	URL
  Commit Preview	https://commit-<sha>.preview.techub.life
  Branch Preview	https://pr-<num>.preview.techub.life

• Preview URLs use wildcard DNS (*.preview.techub.life) routed through kamal-proxy on the same DO droplet.

• The workflow should run only if a PR is open (branch pushes outside PRs are ignored).

• Failure notifications (e.g. build/deploy errors) trigger a Resend email or webhook alert to maintainers.

• Workflow and config live under /ops/preview/ (deploy.preview.template.yml, preview.yml, helper scripts).

---

Implementation Notes

• Uses existing DigitalOcean host and Kamal setup (no extra server).

• GitHub Actions handles build + deploy + cleanup.

• Wildcard DNS and TLS handled by kamal-proxy.

• Preview containers share the staging DB with isolated schema names.

• Kamal automatically removes containers on app remove during cleanup.