feat: add PR validation workflow for YAML and script linting

The .github repo had no CI running on pull requests — PRs merged without
any validation. This adds actionlint for workflow YAML and shellcheck for
scripts in .github/scripts/, triggered on PRs to main.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

.github/workflows/pr-validation.yaml

@@ -0,0 +1,34 @@
+name: PR Validation
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  validate:
+    runs-on: local-ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Install actionlint
+        run: |
+          ACTIONLINT_VERSION="1.7.7"
+          curl -fsSL "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" \
+            | tar -xz -C /usr/local/bin actionlint
+
+      - name: Validate workflow YAML with actionlint
+        run: actionlint -color .github/workflows/*.yaml
+
+      - name: Shellcheck scripts
+        run: |
+          if ls .github/scripts/*.sh 1>/dev/null 2>&1; then
+            for script in .github/scripts/*.sh; do
+              echo "Checking ${script}..."
+              shellcheck --severity=warning "$script" || true
+            done
+          else
+            echo "No shell scripts to check"
+          fi