ci: improve release workflow and CI validation

[rfgamaral]

Overview

Aligns Typist's release and CI workflows with the improvements recently made in Reactist (ref1, ref2), while preserving Typist-specific next branch support.

The main change is switching from a user PAT (GH_REPO_TOKEN) to a GitHub App token (Doist Release Bot) for the release workflow. This ensures semantic-release can push release commits past branch rulesets on main, which was migrated from legacy branch protection rules to rulesets as part of this work.

PR Checklist

• Pull request title follows the Conventional Commits Specification

Test plan

The release workflow will be validated on the next push to main after merge. The CI validation changes can be verified by checking that this PR's own CI passes.

[netlify]

✅ Deploy Preview for doist-typist ready!

Name	Link
🔨 Latest commit	2a56a47
🔍 Latest deploy log	https://app.netlify.com/projects/doist-typist/deploys/69d6484b4e79710008616d07
😎 Deploy Preview	https://deploy-preview-1291--doist-typist.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[doistbot]

This PR updates the release and CI workflows to align with recent Reactist improvements, notably transitioning to a GitHub App token for semantic-release operations. These changes nicely improve the maintainability and reliability of the deployment pipeline by accommodating the new branch rulesets. A minor adjustment was noted regarding workflow permissions, suggesting a reduction of the default token privileges to better enforce the principle of least privilege now that the App token handles write operations.

_{Share Feedback • Review Logs}

[doist-release-bot]

🎉 This PR is included in version 10.0.1 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀