fix(ci): use public npm registry URL in yarn.lock for widget-sdk 3.18.0

Root cause: my local ~/.npmrc has @Staffbase:registry=https://npm.pkg.github.com,
so when I ran 'yarn install' locally it resolved widget-sdk via GitHub Packages
and hardcoded 'npm.pkg.github.com/download/...' as the resolved URL in yarn.lock.
CI then tried to download from that URL and got 401 — Yarn classic does not
expand the ${NODE_AUTH_TOKEN} placeholder that setup-node writes.

widget-sdk@3.18.0 IS published to the public npm registry (npmjs.org) with an
identical tarball (same shasum/integrity). The yarn.lock entry is updated to use
'registry.yarnpkg.com/@staffbase/widget-sdk/-/widget-sdk-3.18.0.tgz' —
the same URL format as 3.17.0 on main — which requires no auth in CI.

Also revert the unnecessary ci.yaml comment/sed workaround added during
debugging, restoring it to the same state as main.

Co-authored-by: GitHub Copilot <copilot@noreply.github.com>

Author: maximizeIT

.github/workflows/ci.yaml

@@ -25,13 +25,7 @@ jobs:
 
       - name: Install Yarn Dependencies
         working-directory:  samples/weather-forecast
-        # actions/setup-node writes `${NODE_AUTH_TOKEN}` as a literal string into
-        # the temp npmrc (NPM_CONFIG_USERCONFIG). npm expands env-var references;
-        # Yarn classic (v1) does NOT. Replace the placeholder in-place so Yarn
-        # receives the actual token when fetching from npm.pkg.github.com.
-        run: |
-          sed -i "s|\${NODE_AUTH_TOKEN}|${NODE_AUTH_TOKEN}|" "$NPM_CONFIG_USERCONFIG"
-          yarn install --frozen-lockfile
+        run: yarn install --frozen-lockfile
         env:
           NODE_AUTH_TOKEN: ${{ secrets.STAFFBOT_NPM_READ }}