Remove explicit GITHUB_TOKEN passing in release workflow

[Copilot]

Workflow now relies on automatic GITHUB_TOKEN context access rather than explicit environment variable passing for repository write operations.

Changes

• .github/workflows/build-release.yml: Removed env.GITHUB_TOKEN from softprops/action-gh-release@v1 step

The workflow's permissions: contents: write declaration already scopes what the automatic token can access. Modern GitHub Actions convention is to let actions access the token from context rather than explicit passing.

Before/After

  - name: Upload to Release (if triggered by release)
    uses: softprops/action-gh-release@v1
    with:
      files: |
        AceForge-macOS.dmg
        AceForge-macOS.zip
        checksums.txt
-   env:
-     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Note: MACOS_SIGNING_IDENTITY secret remains unchanged—it's used for code signing, not repository access.

Original prompt

PR #23 modifies the GitHub Actions workflow. However, to ensure proper security compliance, the workflow must exclusively utilize GitHub's built-in permissions for writing to the repo. Review and modify the workflow in this PR to rely solely on the automatic permissions associated with the GITHUB_TOKEN or other built-in permissions.

This pull request was created from Copilot chat.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.