
ci(integration-tests): use github.token for check-run posters #801

Open
vikrantpuppala wants to merge 1 commit into main from fix/proxy-test-dispatch-failure-handler


@vikrantpuppala
Contributor

Summary

Follow-up to #799 (cross-repo IT dispatch). The dispatch failure handlers and auto-pass steps in `trigger-integration-tests.yml` were posting check-runs with `steps.public-token.outputs.token` — itself an App-token-generating step.

That created a silent-failure trap: if the `INTEGRATION_TEST_APP_ID` / `INTEGRATION_TEST_PRIVATE_KEY` secrets are missing or rotated:

  1. App-token step fails.
  2. Failure handler also fails (no token to authenticate the check-run API call).
  3. The gate sits green from the earlier `skip-integration-tests-pr` job's synthetic-success check.

Exactly the silent-pass anti-pattern the failure handler exists to prevent.

How I found it

Exercised the dispatch end-to-end on a draft PR before the App secrets were installed (#800, closed). The dispatch failed as expected, but the failure handler also failed with `Input required and not supplied: github-token`, and `Python Proxy Tests` stayed green from Phase 1's stale synthetic-success check. Full smoke-test write-up is in the closing comment on #800.

The fix

Use the default workflow token `${{ github.token }}` for all check-posting steps. The default token has `checks: write` because each job already declares the permission. The App token is still used (correctly) for the actual `peter-evans/repository-dispatch` call, where cross-repo write access is required.

Since `steps.public-token` is no longer referenced anywhere, the App-token generation step itself is also removed to keep the workflow tidy.

Note on the canonical pattern

The same latent bug exists in adbc-drivers/databricks's trigger-integration-tests.yml — that's where I copied the App-token pattern from. Not fixing upstream here, but worth flagging for the ADBC team.

Diff

| Change | Lines |
| --- | --- |
| Failure handlers (×2): `steps.public-token.outputs.token` → `${{ github.token }}` | -2 +2 |
| Auto-pass / no-driver-changes steps (×2): same swap | -2 +2 |
| Remove dead App-token-generation steps (×2) | -16 |
| Comments explaining the choice | +12 |
| Total | +20 / -22 (-2 net) |

Test plan

  • `actionlint` clean (only the expected `linux-ubuntu-latest` runner-label warning that matches every other workflow in this repo).
  • YAML parses; all 4 jobs intact.
  • Smoke-test will be straightforward once the App secrets are installed — the next missing-secret state should now show a red `Python Proxy Tests` check via the failure handler, instead of staying silently green.

This pull request and its description were AI-assisted by Isaac.

Follow-up to #799. The dispatch failure handlers and auto-pass
steps were posting check-runs with `steps.public-token.outputs.token`,
which is itself an App-token-generating step.

That created a silent-failure trap: if the App secrets are
missing or rotated, the App-token step fails, then the failure
handler also fails (no token to authenticate with), and the gate
sits green from the earlier `skip-integration-tests-pr` job's
synthetic-success check — the exact silent-pass anti-pattern
the failure handler exists to prevent.

Discovered by exercising the dispatch end-to-end on a draft PR
before the App secrets were installed (#800 closed). The
canonical adbc-drivers/databricks workflow has the same latent
bug — fix not yet upstreamed there.

The fix is to use the default workflow `${{ github.token }}` for
all check-posting steps. The default token already has
`checks: write` because each job declares the permission.
`steps.public-token` is no longer referenced anywhere; the
generation step is removed to keep the workflow tidy.

The App token is still used (correctly) for the actual dispatch
call into databricks-driver-test, where cross-repo write access
is required.

Co-authored-by: Isaac
Signed-off-by: Vikrant Puppala <vikrant.puppala@databricks.com>
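
A lint for the anti-pattern this pull request describes, added here as an example and not part of the PR or the repository: it flags any `if: failure()` / `if: always()` step that authenticates with the output of an earlier step in the same workflow. The sample workflow is constructed; the use of `actions/create-github-app-token` and `actions/github-script`, the step names, and the helper name `fragile_handlers` are assumptions.

```python
import re

# Constructed sample modelled on the pattern described above, trimmed to the
# fields the check reads; action choices and step names are assumptions.
WORKFLOW_BEFORE = """\
jobs:
  trigger-tests:
    permissions:
      checks: write
    steps:
      - name: Generate App token
        id: public-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.INTEGRATION_TEST_APP_ID }}
          private-key: ${{ secrets.INTEGRATION_TEST_PRIVATE_KEY }}
      - name: Post failed check
        if: failure()
        uses: actions/github-script@v7
        with:
          github-token: ${{ steps.public-token.outputs.token }}
"""
# The swap the PR makes: the handler no longer depends on another step.
WORKFLOW_AFTER = WORKFLOW_BEFORE.replace(
    "github-token: ${{ steps.public-token.outputs.token }}",
    "github-token: ${{ github.token }}")

STEP_START = re.compile(r"^\s*-\s+\w[\w-]*:", re.M)   # "- name:", "- uses:", ...
STEP_REF = re.compile(r"steps\.([\w-]+)\.outputs\.")

def fragile_handlers(workflow_text):
    """Return (handler name, step id) pairs where a failure/always handler
    reads an output of an earlier step that may itself have failed."""
    starts = [m.start() for m in STEP_START.finditer(workflow_text)]
    ends = starts[1:] + [len(workflow_text)]
    seen_ids, findings = set(), []
    for a, b in zip(starts, ends):
        chunk = workflow_text[a:b]
        name = re.search(r"name:\s*(.+)", chunk)
        cond = re.search(r"^\s*(?:-\s+)?if:\s*(.+)", chunk, re.M)
        if cond and re.search(r"\b(failure|always)\(\)", cond.group(1)):
            for ref in STEP_REF.findall(chunk):
                if ref in seen_ids:
                    label = name.group(1).strip() if name else "?"
                    findings.append((label, ref))
        step_id = re.search(r"^\s*(?:-\s+)?id:\s*([\w-]+)", chunk, re.M)
        if step_id:
            seen_ids.add(step_id.group(1))
    return findings
```

The scan is line-based and treats the file as one step list, so it suits a quick CI check on workflows shaped like the sample rather than arbitrary YAML.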