fix(ci): pass expanded auth token to Yarn's npmrc for GitHub Packages

actions/setup-node writes `${NODE_AUTH_TOKEN}` as a literal placeholder into
the temp npmrc it creates (NPM_CONFIG_USERCONFIG). npm expands env-var
references from .npmrc; Yarn classic does NOT. Yarn therefore sent the
string '${NODE_AUTH_TOKEN}' as the Bearer token → 401 on npm.pkg.github.com.

Fix: before `yarn install`, append the bash-expanded token to the file
that NPM_CONFIG_USERCONFIG points to. The previous attempt wrote to
~/.npmrc instead, which Yarn never reads when NPM_CONFIG_USERCONFIG is set.

Co-authored-by: GitHub Copilot <copilot@noreply.github.com>

Author: maximizeIT

.github/workflows/ci.yaml

@@ -23,11 +23,18 @@ jobs:
           registry-url: 'https://npm.pkg.github.com/'
           scope: '@staffbase'
 
+      - name: Configure GitHub Packages auth for Yarn
+        # actions/setup-node writes `${NODE_AUTH_TOKEN}` literally into the temp npmrc;
+        # Yarn classic does NOT expand env-var placeholders from npmrc files (unlike npm).
+        # Appending the already-expanded token to the same file that NPM_CONFIG_USERCONFIG
+        # points to is the reliable fix.
+        run: echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> "$NPM_CONFIG_USERCONFIG"
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.STAFFBOT_NPM_READ }}
+
       - name: Install Yarn Dependencies
         working-directory:  samples/weather-forecast
         run: yarn install --frozen-lockfile
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.STAFFBOT_NPM_READ }}
 
       - name: Run Build
         working-directory: samples/weather-forecast