chore(ci): use TxnLab Release Bot for release workflow (#5)

Replace default GitHub Actions token with TxnLab Release Bot GitHub App
for generating tokens. This enables the bot to bypass branch protection
rules when creating release commits and tags.

Changes:
- Add token generation step using actions/create-github-app-token@v2
- Pass generated token to checkout action
- Use generated token as GITHUB_TOKEN for semantic-release
- Update git author/committer to TxnLab Release Bot identity

Author: drichar

.github/workflows/release.yml

@@ -17,11 +17,19 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Generate release token
+        id: generate_token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.RELEASE_BOT_APP_ID }}
+          private-key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }}
+
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           persist-credentials: false
+          token: ${{ steps.generate_token.outputs.token }}
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
@@ -47,9 +55,9 @@ jobs:
 
       - name: Release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GIT_AUTHOR_NAME: github-actions[bot]
-          GIT_AUTHOR_EMAIL: github-actions[bot]@users.noreply.github.com
-          GIT_COMMITTER_NAME: github-actions[bot]
-          GIT_COMMITTER_EMAIL: github-actions[bot]@users.noreply.github.com
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GIT_AUTHOR_NAME: TxnLab Release Bot[bot]
+          GIT_AUTHOR_EMAIL: txnlab-release-bot[bot]@users.noreply.github.com
+          GIT_COMMITTER_NAME: TxnLab Release Bot[bot]
+          GIT_COMMITTER_EMAIL: txnlab-release-bot[bot]@users.noreply.github.com
         run: npx semantic-release