ci: accept existing org read token for feedback sweeps

[haasonsaas]

Summary

• let feedback sentinel/backfill use the existing EVALOPS_ORG_READ_TOKEN secret as the org-wide PR read token
• keep EVALOPS_REVIEW_GUARD_TOKEN as the preferred name when present
• preserve the no-github.token fallback guard so org-wide sweeps cannot silently publish false-empty reports

Verification

• actionlint .github/workflows/review-feedback-backfill.yml .github/workflows/review-feedback-sentinel.yml
• YAML parse check for both workflows
• confirmed gh secret list --repo evalops/.github currently exposes EVALOPS_ORG_READ_TOKEN

[cursor]

PR Summary

Low Risk
Low risk: updates GitHub Actions workflow secret selection only, with no application logic changes. Main risk is misconfigured secrets causing the sentinel/backfill jobs to fail earlier rather than run.

Overview
Updates the review feedback sentinel and 30-day backfill workflows to accept secrets.EVALOPS_ORG_READ_TOKEN as a fallback when secrets.EVALOPS_REVIEW_GUARD_TOKEN is not set.

Also adjusts the guard step error messaging to reflect either secret, preserving the explicit failure when no org-wide token is provided (avoiding silent runs with github.token).

^{Reviewed by Cursor Bugbot for commit 5d09fc4. Bugbot is set up for automated code reviews on this repo. Configure here.}