ci: green the nightly — auth the libmoq API lookup, follow the keyring rename

[kixelated]

Greens the nightly cross-language smoke run, which had two unrelated failures
(see run 26885380310).

1. macOS C subscriber — anonymous GitHub API rate limit

smoke.sh resolves the latest libmoq release via the GitHub API, authenticated
only if GITHUB_TOKEN is set — but the workflow never exposed it, so the call was
always anonymous (60 req/hr per IP). The heavily-NAT'd macOS runners share IPs and
exhaust that, so the lookup returns empty:

building c client (libmoq prebuilt release)...
  WARN  c client unavailable: libmoq download / compile failed
        no libmoq-v* release found

→ the C subscriber drops out and every * -> c case FAILs. (The Linux jobs ran
the identical code minutes earlier and passed — it's purely the shared-IP limit.)

Fix: set GITHUB_TOKEN: ${{ github.token }} at the job level. smoke.sh already
uses it when present; this just wires it in, lifting the limit to 1000 req/hr per
token. Uses the built-in token (not untrusted event input), so no injection risk.

2. apt channel — keyring rename

The published signing keyring was renamed moq-archive-keyring.gpg ->
moq-keyring.gpg and is now served dearmored (binary), which apt's gpgv
requires — see moq-dev/moq#1611 for the root cause (armored keyring made every
apt-get update fail with NO_PUBKEY). This tracks the new URL/path so the apt
install step keeps mirroring the documented install flow.

The binary key is already uploaded and verified live at
https://apt.moq.dev/moq-keyring.gpg.

🤖 Generated with Claude Code

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0ba88357-e323-46ea-9879-48c842bc52fe

📥 Commits

Reviewing files that changed from the base of the PR and between 6f5fd3b and 0d37360.

📒 Files selected for processing (1)

• .github/workflows/smoke.yml

---

Walkthrough

This PR updates the .github/workflows/smoke.yml workflow with two configuration changes: a job-level GITHUB_TOKEN environment variable is added to enable authenticated GitHub API calls in the smoke.sh script for retrieving the latest libmoq release, and the apt repository signing key configuration is updated to use moq-keyring.gpg instead of the previous moq-archive-keyring.gpg filename and URL reference.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the two main changes: authenticating the libmoq API lookup and updating the apt keyring configuration.
Description check	✅ Passed	The description comprehensively explains both failures and their fixes, directly corresponding to the workflow changes in the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch claude/unruffled-rhodes-059fb7

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}