Add GitHub Action to test PIN flag upgrade from v1.3.0 to v2.0.0

[devin-ai-integration]

Add GitHub Action to test PIN flag upgrade from v1.3.0 to v2.0.0

Summary

This PR adds a GitHub Action workflow that tests for a PIN flag upgrade bug discovered in wolfPKCS11. When upgrading from v1.3.0 to v2.0.0, tokens with PINs set may not have the WP11_TOKEN_FLAG_USER_PIN_SET flag set in the new version, causing authentication failures.

The workflow:

1. Builds wolfPKCS11 v1.3.0 and initializes a token with a PIN
2. Verifies the PIN works correctly in v1.3.0 (establishes baseline)
3. Builds the PR version (v2.0.0+) and attempts to access the same token
4. Tests whether the PIN flag is properly detected after upgrade

Important: This test is EXPECTED to fail on current master because the bug exists and hasn't been fixed yet. The test serves to reproduce the issue so a fix can be developed and validated.

Unlike PR #154, this workflow is simplified (no TPM) to focus specifically on the file-based storage PIN flag issue.

Review & Testing Checklist for Human

⚠️ CRITICAL: This workflow has never been run on GitHub Actions and is expected to fail initially (by design, to reproduce the bug).

• Run the workflow manually on this PR to verify it executes without errors through all build steps
• Verify bug reproduction - Confirm the test fails at the v2.0.0 login step with error 0x00000102 (CKR_USER_PIN_NOT_INITIALIZED) and displays the "BUG DETECTED" message
• Check test program compilation - Ensure both verify_pin_1.3.0.c and verify_pin_2.0.0.c compile successfully with the relative include paths
• Verify token path consistency - Confirm the WOLFPKCS11_TOKEN_PATH environment variable properly propagates across workflow steps so v2.0.0 finds the v1.3.0 token
• Review failure message - Ensure the failure output clearly explains the bug and expected vs actual behavior

Test Plan

1. Trigger this workflow on the PR (will run automatically or use workflow_dispatch)
2. Verify the v1.3.0 baseline test passes (PIN initialization and login work)
3. Verify the v2.0.0 upgrade test fails with the expected error showing the bug
4. Check the workflow output for clear diagnostic messages
5. Once a fix is implemented, this same test should pass end-to-end

Notes

• The user mentioned some other GitHub Actions tests may fail at this stage, which is a known issue to be solved later
• This workflow is based on the upgrade testing pattern from PR Add GitHub Action workflow for TPM corruption testing #154 but simplified for file-based storage
• The embedded test programs use debug output to make troubleshooting easier
• The workflow uses WOLFPKCS11_TOKEN_PATH environment variable to ensure both versions access the same token storage

Link to Devin run: https://app.devin.ai/sessions/899f11a4b0ab46cc835b55b8b785904a
Requested by: andrew@wolfssl.com (andrew@wolfssl.com)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[wolfSSL-Bot]

Can one of the admins verify this patch?

[LinuxJedi]

Closing this, it isn't a problem for 1.3.0 -> 2.0.0. Only for an intermediate version that was not released.