feat: use GitHub App token for GitHub Packages authentication

- Generate GitHub App token using GH_APP_ID and GH_APP_PRIVATE_KEY secrets
- Replace GITHUB_TOKEN with GitHub App token for npm.pkg.github.com
- GitHub App tokens have proper packages:write permissions for org packages
- Should resolve 'Permission installation not allowed' error

Author: Mearman

.github/workflows/main.yml

@@ -183,6 +183,14 @@ jobs:
           # Get the latest commit (including badge updates)
           ref: main
 
+      - name: Generate GitHub App Token
+        id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: ExaDev
+
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
@@ -388,15 +396,15 @@ jobs:
           NPMJS_NPM_CONFIG_REGISTRY: https://registry.npmjs.org/
           NPMJS_NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
           GITHUB_NPM_CONFIG_REGISTRY: https://npm.pkg.github.com
-          GITHUB_NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_NODE_AUTH_TOKEN: ${{ steps.app-token.outputs.token }}
         run: |
           echo "🚀 Starting semantic-release with staged README and badge updates..."
           
           # Set up .npmrc for both registries
           cat > .npmrc << EOF
           registry=https://registry.npmjs.org/
           //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
-          //npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}
+          //npm.pkg.github.com/:_authToken=${{ steps.app-token.outputs.token }}
           @ExaDev:registry=https://npm.pkg.github.com
           EOF