ci: add guard against zero-change PRs (rubber-stamp prevention)

Add early-failing check to reject PRs with zero file changes.
This prevents the "rubber-stamping" problem where reviewers
approve empty diffs (0 additions, 0 deletions).

The check runs in the validate job immediately after checkout:
- Counts changed files via git diff --name-only origin/main...HEAD
- Fails if count is zero with clear error message
- Passes with confirmation if PR has real changes

Refs #1445. Addresses Option 1 (CI Validation) from issue triage.
Smallest concrete fix: one new step in existing CI workflow.

Closes #1445

.gitea/workflows/ci.yml

@@ -38,6 +38,22 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: "Guard: reject PRs with zero file changes"
+        run: |
+          CHANGED=$(git diff --name-only origin/main...HEAD | wc -l | tr -d ' ')
+          echo "Changed files: $CHANGED"
+          if [ "$CHANGED" -eq 0 ]; then
+            echo ""
+            echo "═══════════════════════════════════════════════════"
+            echo "  BLOCKED: PR contains zero file changes."
+            echo "  This indicates rubber-stamping — approving without"
+            echo "  actually making any modifications."
+            echo "  Make real changes before requesting review."
+            echo "═══════════════════════════════════════════════════"
+            exit 1
+          fi
+          echo "✓ PR has $CHANGED changed file(s)."
+
       - name: Validate Python syntax
         run: |
           FAIL=0