ci(release): use github app token for tag push

[project-defiant]

✨ Context

This PR is continuation of testing release of the gentropy Docker image with specific tag, when release is triggered - for more detail check opentargets/issues#3384

🛠 What does this PR implement

🙈 Missing

🚦 Before submitting

• Do these changes cover one single feature (one change at a time)?
• Did you read the contributor guideline?
• Did you make sure to update the documentation with your changes?
• Did you make sure there is no commented out code in this PR?
• Did you follow conventional commits standards in PR title and commit messages?
• Did you make sure the branch is up-to-date with the dev branch?
• Did you write any new necessary tests?
• Did you make sure the changes pass local tests (make test)?
• Did you make sure the changes pass pre-commit rules (e.g poetry run pre-commit run --all-files)?

[project-defiant]

@ireneisdoomed, please check the opentargets/issues#3384 (comment)

[ireneisdoomed]

So if I understand correctly you are swapping the Github access tokens between the one provided by the action, which generates a token from the Github App, and the secret token created by default.

The difference between them is that the App token can extend the repo's permissions and can be used to trigger workflows, which is why you use it to create the tag with the semantic release.

[ireneisdoomed]

Is this added for security reasons or because it is needed?

[project-defiant]

actions/checkout#485 - I have added it not to persist this token, as it's not the default one.

[project-defiant]

That is correct!