ci: use app token for bump lemonade commit workflow

[abn]

Prior to merging, the following setup steps must be completed in the GitHub organization settings.

1. Go to the GitHub App creation page: GitHub App New.
2. Configure the following fields:
   • GitHub App name: Lemonade GitHub Bot
   • Homepage URL: https://lemonade-server.ai
   • Webhook: Uncheck Active (Disable webhooks).
3. Under Permissions > Repository permissions, set the following access levels:
   • Actions: Read & write
   • Contents: Read & write
   • Metadata: Read-only
   • Pull requests: Read & write
   • Workflows: Read & write
4. Click Create GitHub App.
5. Client Secret: In the app settings, click Generate a new client secret. Copy and save this secret temporarily (it will only be shown once).
6. Private Key: Scroll down to the Private keys section and click Generate a private key. This will automatically download a .pem file containing the private key. Keep this file secure.
7. Client ID: Copy the Client ID from the General settings page.
8. Select Install App from the left sidebar.
9. Click Install next to the lemonade-sdk organization.
10. Choose whether to install the app on all repositories or only allow-listed repositories.
11. (Optional) Add App managers if other members of the team need to manage the configuration.
12. Go to the Organization Secrets page: GitHub Actions Org Secrets.
13. Add the following secrets and variables, ensuring access is configured for the allow-listed repositories:
    • Secret: Add LEMONADE_ACTION_BOT_APP_PRIVATE_KEY with the entire content of the downloaded .pem private key file.
    • Variable: Add LEMONADE_ACTION_BOT_CLIENT_ID with the retrieved Client ID.