Add tip about `CI_JOB_TOKEN` clone abilities with "new job permissions model"
Add a tip about using the CI_JOB_TOKEN
to clone upstream repositories. I was frustrated that this wasn't documented somewhere when the submodule stuff is. I tried this on our local githost.io
deployment with great success. It should be more widely documented!