Add PAT support for syncing workflow files in template-sync workflow #76

@coderabbitai

Context

The template-sync workflow added in PR #74 was primarily designed for auto-syncing coderabbit.yaml configuration files to repositories using this template.

However, if the workflow needs to sync files under .github/workflows/, the default GITHUB_TOKEN will be blocked by GitHub's security policy. This is because GITHUB_TOKEN cannot be used to push changes to workflow files—a Personal Access Token (PAT) with workflows scope is required.

Current Limitation

When the template-sync action tries to push changes that include workflow files, it will fail with an error like:

refusing to allow a GitHub App to create or update workflow without workflows permission

Proposed Solution

To enable syncing of workflow files (if needed in the future), the workflow should be updated to:

  1. Use a repository secret containing a PAT with:
     • contents:write permission
     • workflows:write permission
  2. Pass this PAT to the action:

     target_gh_token: ${{ secrets.WORKFLOW_PAT }}

Related Discussion

Reported by: @kpj2006
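
The check below is an added example, not part of the issue or the project's code: a pre-flight step that classifies a sync's changed paths and reports whether the default token suffices, the PAT is needed, or the push would be refused. The `HAVE_PAT` variable, the `--check` invocation and the script name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a template-sync job. Not the project's code.
# HAVE_PAT and the --check invocation are assumptions made for this example.

# Filter stdin (one repo-relative path per line) down to the paths under
# .github/workflows/, the files the issue says GITHUB_TOKEN may not push.
workflow_paths() {
  while IFS= read -r wp_path || [ -n "$wp_path" ]; do
    case "$wp_path" in
      .github/workflows/*) printf '%s\n' "$wp_path" ;;
    esac
  done
}

# $1: "true" when the WORKFLOW_PAT secret is populated, anything else otherwise.
# stdin: changed paths. Prints one verdict: default-token, pat, or blocked.
required_credential() {
  rc_hits=$(workflow_paths)
  if [ -z "$rc_hits" ]; then
    echo default-token
  elif [ "$1" = "true" ]; then
    echo pat
  else
    echo blocked
  fi
}

# Workflow-step entry point (assumed usage): sh preflight.sh --check <base-ref>
# with HAVE_PAT set from the expression: ${{ secrets.WORKFLOW_PAT != '' }}
if [ "${1:-}" = "--check" ]; then
  verdict=$(git diff --name-only "$2" | required_credential "${HAVE_PAT:-false}")
  echo "credential needed for this sync: $verdict"
  if [ "$verdict" = "blocked" ]; then
    echo "sync touches .github/workflows/ but no PAT is configured" >&2
    exit 1
  fi
fi
```

Passing only a true/false flag keeps the PAT itself out of the script's arguments and logs; the token is handed to the sync action alone, and only on runs where the verdict is `pat`.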
