fix(ci): expand NODE_AUTH_TOKEN placeholder for Yarn classic GitHub Packages auth

widget-sdk@3.18.0 is published to GitHub Packages (npm.pkg.github.com),
unlike 3.17.0 which was on the public npm registry and needed no auth.

actions/setup-node writes the literal string '${NODE_AUTH_TOKEN}' into the
temp npmrc file (NPM_CONFIG_USERCONFIG). The npm CLI expands env-var
references from .npmrc; Yarn classic (v1) does NOT — so every yarn install
sent the literal '${NODE_AUTH_TOKEN}' as the Bearer token, causing 401.

Fix: expand the placeholder in-place with sed before running yarn install,
in the same step where NODE_AUTH_TOKEN is defined in env.

Co-authored-by: GitHub Copilot <copilot@noreply.github.com>

Author: maximizeIT

.github/workflows/ci.yaml

@@ -25,7 +25,13 @@ jobs:
 
       - name: Install Yarn Dependencies
         working-directory:  samples/weather-forecast
-        run: yarn install --frozen-lockfile
+        # actions/setup-node writes `${NODE_AUTH_TOKEN}` as a literal string into
+        # the temp npmrc (NPM_CONFIG_USERCONFIG). npm expands env-var references;
+        # Yarn classic (v1) does NOT. Replace the placeholder in-place so Yarn
+        # receives the actual token when fetching from npm.pkg.github.com.
+        run: |
+          sed -i "s|\${NODE_AUTH_TOKEN}|${NODE_AUTH_TOKEN}|" "$NPM_CONFIG_USERCONFIG"
+          yarn install --frozen-lockfile
         env:
           NODE_AUTH_TOKEN: ${{ secrets.STAFFBOT_NPM_READ }}