fix(server): handle GitHub log redirects manually

What changed

• Disabled automatic redirects for the GitHub Actions job log streaming request.
• Added manual redirect handling for GitHub’s log archive Location response.
• Kept GitHub installation headers only on the GitHub API request and intentionally dropped them when following the signed archive URL.
• Added a regression test covering the 302 archive redirect and token handling.

Why

Sentry reported TUIST-N3, where FetchLogsWorker crashed while fetching job logs after GitHub returned a 302 from the Actions logs endpoint. The worker was streaming the response through Req’s :into callback while also asking Req to auto-follow redirects.

Root cause

Req’s automatic redirect handling does not compose safely with this streaming response shape. The first response from GitHub is a redirect to a signed archive URL, and the streaming callback path can leave Req handling a tuple-shaped response instead of the map shape expected by the redirect step.

Impact

Completed runner jobs whose logs are served through GitHub’s redirect path can now be ingested instead of failing the Oban job with the Sentry crash. The signed archive request also avoids forwarding the GitHub installation token outside GitHub’s API host.

Validation

• mix test test/tuist/runners/workers/fetch_logs_worker_test.exs:108
• mix test test/tuist/runners/workers/fetch_logs_worker_test.exs
• mix format lib/tuist/runners/workers/fetch_logs_worker.ex test/tuist/runners/workers/fetch_logs_worker_test.exs
• git diff --check