Use ORG_MEMBER_CHECK_TOKEN for organization membership verification

This addresses the CodeRabbit review feedback regarding GITHUB_TOKEN
permissions. The default GITHUB_TOKEN does not have org-level "Members"
read permission required to query organization membership.

Changes:
- Updated both workflows to use ORG_MEMBER_CHECK_TOKEN secret
- This token must be a PAT or GitHub App token with read:org scope

Setup Required:
A repository administrator must create and add the ORG_MEMBER_CHECK_TOKEN
secret with appropriate permissions. See PR description for instructions.

Fixes: Critical permission issue identified in CodeRabbit review

🤖 Generated with Claude Code

Co-Authored-By: Claude <[email protected]>

Author: iaminawe

.github/workflows/claude.yml

@@ -38,7 +38,7 @@ jobs:
       - name: Check authorization
         id: check
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.ORG_MEMBER_CHECK_TOKEN }}
         run: |
           ACTOR="${{ github.actor }}"
 

.github/workflows/opencode-gpt-5-codex.yml

@@ -38,7 +38,7 @@ jobs:
       - name: Check authorization
         id: check
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.ORG_MEMBER_CHECK_TOKEN }}
         run: |
           ACTOR="${{ github.actor }}"