build(deps): bump actions/create-github-app-token from 1.11.5 to 2.0.6

[dependabot]

Bumps actions/create-github-app-token from 1.11.5 to 2.0.6.

Release notes

Sourced from actions/create-github-app-token's releases.

v2.0.6

2.0.6 (2025-05-03)

Bug Fixes

• replace - with _ (#246) (3336784)

v2.0.5

2.0.5 (2025-05-02)

Bug Fixes

• deps: bump the production-dependencies group with 3 updates (#240) (d64d7d7)

v2.0.4

2.0.4 (2025-05-02)

Bug Fixes

• permission input handling (#243) (2950cbc)

v2.0.3

2.0.3 (2025-05-01)

Bug Fixes

• README: use v2 in examples (#234) (9ba274d), closes #232
• use core.getBooleanInput() to retrieve boolean input values (#223) (c3c17c7)

v2.0.2

2.0.2 (2025-04-03)

Bug Fixes

• improve log messages for token creation (#226) (eaef294)

... (truncated)

Commits

• df432ce build(release): 2.0.6 [skip ci]
• 3336784 fix: replace - with _ (#246)
• db3cdf4 build(release): 2.0.5 [skip ci]
• d64d7d7 fix(deps): bump the production-dependencies group with 3 updates (#240)
• 1b6f53e build(deps-dev): bump the development-dependencies group across 1 directory w...
• 061a84d build(deps-dev): bump @​octokit/openapi from 18.2.0 to 19.0.0 (#242)
• c8f34a6 build(deps): bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 in...
• 4821f52 build(release): 2.0.4 [skip ci]
• 2950cbc fix: permission input handling (#243)
• 30bf625 build(release): 2.0.3 [skip ci]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	4		0	0	0.18s
✅ DOCKERFILE	hadolint	1		0	0	0.32s
✅ JSON	prettier	6	1	0	0	0.59s
✅ JSON	v8r	6		0	0	4.24s
⚠️ MARKDOWN	markdownlint	8	1	3	0	0.84s
⚠️ MARKDOWN	markdown-link-check	8		7	0	3.92s
✅ MARKDOWN	markdown-table-formatter	8	1	0	0	0.42s
✅ REPOSITORY	checkov	yes		no	no	14.17s
✅ REPOSITORY	git_diff	yes		no	no	0.09s
✅ REPOSITORY	grype	yes		no	no	21.33s
✅ REPOSITORY	secretlint	yes		no	no	1.27s
✅ REPOSITORY	syft	yes		no	no	1.07s
✅ REPOSITORY	trivy	yes		no	no	5.82s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.22s
✅ REPOSITORY	trufflehog	yes		no	no	2.46s
⚠️ SPELL	lychee	36		11	0	1.49s
✅ YAML	prettier	8	0	0	0	0.62s
✅ YAML	v8r	8		0	0	5.4s
✅ YAML	yamllint	8		0	0	0.4s

See detailed report in MegaLinter reports