ci(release-please): allow PAT override via RELEASE_PLEASE_TOKEN

The default GITHUB_TOKEN cannot open pull requests when the
GrayCodeAI org policy keeps 'Allow GitHub Actions to create and
approve pull requests' disabled. release-please creates the release
branch fine but errors at PR-open.

Two ways to fix:

  1. Org admin flips the toggle at
     https://github.com/organizations/GrayCodeAI/settings/actions
     (permanent fix; repo-level toggle is blocked by org policy).

  2. Create a PAT with repo + workflow scopes, add it as repo
     secret RELEASE_PLEASE_TOKEN. The workflow now picks it up
     automatically. This bypasses the org restriction without
     needing admin access.

Workflow silently falls back to GITHUB_TOKEN when the secret is
unset, so the change is a no-op until someone adds the PAT.

Author: Patel230

.github/workflows/release-please.yml

@@ -14,5 +14,13 @@ jobs:
     steps:
       - uses: googleapis/release-please-action@v4
         with:
+          # The default GITHUB_TOKEN can't open PRs when the org policy
+          # disables "Allow GitHub Actions to create and approve pull
+          # requests". Supply a PAT via the RELEASE_PLEASE_TOKEN secret
+          # (scopes: repo + workflow) to bypass that. If the secret is
+          # unset we fall back to GITHUB_TOKEN and the job will still
+          # try — it'll fail cleanly with the known 403 until either
+          # the secret is added or the org toggle is flipped.
+          token: ${{ secrets.RELEASE_PLEASE_TOKEN || secrets.GITHUB_TOKEN }}
           config-file: release-please-config.json
           manifest-file: .release-please-manifest.json