Remove token from checkout step in npm-publish.yml

[fraliv13]

Removed token usage for checkout step in workflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 67a1fa3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[Copilot]

Pull request overview

Updates the npm-publish GitHub Actions workflow to stop using a Personal Access Token (PAT) for the repository checkout step, relying on default credentials instead.

Changes:

• Removed token: ${{ secrets.PAT }} from the actions/checkout step in the publish workflow.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This workflow later commits/pushes changes (git-auto-commit-action). Removing the PAT from the checkout step changes the git credentials to the default GITHUB_TOKEN; if the repo/org default workflow token permissions are read-only or branch protections require a PAT, the push will fail. Consider explicitly setting permissions: contents: write for the job and/or passing the intended token to the push/commit step rather than relying on checkout credentials.