Prevent conda defaults channel usage in CI/CD workflows

[Copilot]

CI/CD workflows that create conda environments were not explicitly preventing use of the defaults channel, which could be implicitly included even when other channels are specified.

Changes

• Explicit defaults removal: Added remove-defaults: true to setup-miniconda configuration
• Channel specification: Centralized channel list (conda-forge,bioconda) in environment variable
• Planemo channel enforcement: Added --conda_channels and --conda_ensure_channels flags to planemo test command
• Verification step: Added pre-test check that fails the build if defaults channel is present in conda config
• Security hardening: Added add-anaconda-token: false to prevent inadvertent defaults access

env:
  CONDA_CHANNELS: conda-forge,bioconda

steps:
  - uses: conda-incubator/setup-miniconda@v3
    with:
      channels: ${{ env.CONDA_CHANNELS }}
      remove-defaults: true
      add-anaconda-token: false

Only planemo-test.yml was affected. Other workflows don't use conda.

Original prompt

None of the CI/CD actions that create a conda environment can use the defaults channel. Make sure this never happens. This is done by specifying both the channels that we do want (i.e. conda-forge and bioconda) and by indicating that this is an override (--override-channels), otherwise the defaults channel is implicitly used.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[rvosa]

@copilot pipelines are failing: defaults is still present