Fix versioning workflow: replace expired PAT with GitHub App token

The POLICYENGINE_GITHUB personal access token expired, breaking the
versioning workflow. This replaces it with a short-lived token
generated from the org's GitHub App (APP_ID + APP_PRIVATE_KEY),
which is more secure and doesn't depend on any individual's account.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: vahid-ahmadi

.github/workflows/versioning.yaml

@@ -16,10 +16,16 @@ jobs:
         if: |
           (!(github.event.head_commit.message == 'Update package version'))
         steps:
+            - name: Generate GitHub App token
+              id: app-token
+              uses: actions/create-github-app-token@v1
+              with:
+                app-id: ${{ secrets.APP_ID }}
+                private-key: ${{ secrets.APP_PRIVATE_KEY }}
             - name: Checkout repo
               uses: actions/checkout@v4
               with:
-                token: ${{ secrets.POLICYENGINE_GITHUB }}
+                token: ${{ steps.app-token.outputs.token }}
                 fetch-depth: 0
             - name: Setup Python
               uses: actions/setup-python@v5