feat: Add env_vars GH_AUTH_TOKEN to deploy step.

[syedfarhanNF]

Description

• Update github workflow for deployment to include env_vars GH_AUTH_TOKEN that reads the token from the repos secrets.
• Update readme to add step for creating Github Personal Access Token

Notes

• Personal access tokens can only be created for a specific user. There isn't a way to create org level personal access tokens to use with the GitHub api. The scope of this should be limited to read public repositories only.

Checklist

• run npm run test and npm run benchmark
• tests and/or benchmarks are included
• documentation is changed or added
• [ x] commit message and code follows the Developer's Certification of Origin
  and the Code of conduct

[syedfarhanNF]

@mcollina Can you verify the secret token is set correctly in the repo settings - the name and that the token is still valid. And merge this PR if those are correct? I don't have visibility into those settings because I'm not a member of the fastify org.

[simoneb]

We kind of forgot about this issue. I think this was intended to authenticate to the GH APIs and increase the rate limits, considering that this is now being used by both the Fastify and Mercurius websites. On the other hand, I'm not sure this is safe to merge, we would need somebody to check that the token in the secrets is right. Having a PAT there is a possible security risk, so unless the apps are causing troubles, which it doesn't seem at the moment (see here and here), we can also close this issue. What's certain though, is that if requests are made too frequently to those pages, they will stop working for some time due to hitting the rate limit.