ci: use GitHub App authentication in social and cleanup workflows

Updated remaining workflows to use iterate-evolve GitHub App:
- social.yml: uses app token for GitHub API and commits
- cleanup.yml: uses app token for branch deletion

All workflows now consistently use the bot identity instead of
personal access tokens.

Author: Patel230

.github/workflows/cleanup.yml

@@ -13,9 +13,17 @@ jobs:
   cleanup:
     runs-on: ubuntu-latest
     steps:
+      - name: Generate GitHub App token
+        id: generate-token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          token: ${{ steps.generate-token.outputs.token }}
 
       - name: Configure git
         run: |
@@ -24,7 +32,7 @@ jobs:
 
       - name: Delete merged branches
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
         run: |
           # Get all evolution branches
           git fetch origin

.github/workflows/social.yml

@@ -16,9 +16,17 @@ jobs:
     env:
       FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
     steps:
+      - name: Generate GitHub App token
+        id: generate-token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          token: ${{ steps.generate-token.outputs.token }}
 
       - uses: actions/checkout@v4
         with:
@@ -53,7 +61,7 @@ jobs:
           OPENCODE_BASE_URL: https://opencode.ai/zen/go/v1
           ITERATE_PROVIDER: opencode
           ITERATE_MODEL: mimo-v2-pro-free
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
         run: |
           bash scripts/social/social.sh