fix(deploy-to-aws): mirror legacy-api-key plumbing from the -uv variant

The non-uv `deploy-to-aws.yml` had the same Smoke Test step shape as
`deploy-to-aws-uv.yml` but was missing the legacy-api-key fallback that
was added to the uv variant in the previous commit. Adding it here for
parity — consumers using the non-uv workflow with a stack that has
moved past `apiGateway.apiKeys` will otherwise hit the same "Could not
find key" failure.

Author: chrisbc

.github/workflows/deploy-to-aws.yml

@@ -185,3 +185,16 @@ jobs:
             expected-regex: ${{ inputs.smoketest-expected }}
             working-directory: ${{ inputs.working-directory}}
             url: ${{ (github.ref == 'refs/heads/main') && inputs.smoketest-url-prod || inputs.smoketest-url-test }}
+            # Fallback x-api-key for stacks that have moved past `apiGateway.apiKeys`
+            # to a Lambda authorizer (so no TempApiKey-* line in deploy.out).
+            # Picks up any of the standard GNS-Science API-key secrets inherited via
+            # `secrets: inherit`. Each consumer's serverless.yml wires its own
+            # named secret into the Lambda authorizer's LEGACY_API_KEY env var.
+            legacy-api-key: >-
+              ${{ secrets.LEGACY_API_KEY
+                  || secrets.NZSHM22_TOSHI_API_KEY
+                  || secrets.NZSHM22_KORORAA_API_KEY
+                  || secrets.NZSHM22_NSHM_MODEL_API_KEY
+                  || secrets.NZSHM22_SOLVIS_API_KEY
+                  || secrets.NZSHM22_HAZARD_API_KEY
+                  || '' }}