compiled lock files hardcode github.token in Configure Git credentials steps -- breaks in sandboxed runners #25345

@adamhenson

When gh aw compile generates a lock file, the two "Configure Git credentials" steps use ${{ github.token }} directly in the git remote set-url command. In sandboxed runner environments where github.token lacks push scope (or where a dedicated PAT is used for write operations), this causes all git push operations from the agent job to fail silently.

Current workaround: patch the lock file post-compile to replace github.token with a scoped secret (e.g. secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN). This patch is wiped on every gh aw compile run.

Repro:

  1. Run gh aw compile on any workflow that pushes commits or branches
  2. Inspect the generated .lock.yml — the Configure Git credentials steps hardcode ${{ github.token }}
  3. In a runner where github.token does not have push access (e.g. org-level branch protection, sandboxed token scope), the agent job silently fails on git push

Proposed fix: emit the token reference as a configurable input in the workflow frontmatter (e.g. push-token: ${{ secrets.MY_PAT }}), or inject via an env var rather than hardcoding github.token in the compiled output.
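One way to apply the post-compile workaround the issue describes, as an added example that is not part of the issue or of the gh aw project: it rewrites `github.token` only inside the "Configure Git credentials" steps of a compiled lock file and leaves every other use of `github.token` (for example a checkout step) untouched, so the scoped push secret is not leaked into steps that never needed it. The lock file excerpt is constructed, and the step layout and the `GH_AW_GITHUB_TOKEN` secret name are assumptions taken from the issue text.

```python
import re
from typing import List, Tuple

# Constructed excerpt of a compiled .lock.yml (not real gh aw output);
# the step names and the ${{ github.token }} usage follow the issue text.
SAMPLE_LOCK = """\
jobs:
  agent:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ github.token }}
      - name: Configure Git credentials
        run: |
          git config user.name "gh-aw"
          git remote set-url origin https://x-access-token:${{ github.token }}@github.com/${{ github.repository }}.git
      - name: Run agent
        run: ./agent.sh
      - name: Configure Git credentials
        run: git remote set-url origin https://x-access-token:${{github.token}}@github.com/o/r.git
"""

# Matches ${{ github.token }} with or without inner whitespace.
TOKEN_REF = re.compile(r"\$\{\{\s*github\.token\s*\}\}")
# Matches a step's "- name: ..." line; quotes around the name are tolerated.
STEP_NAME = re.compile(r"^\s*-\s+name:\s*(.+?)\s*$")
# Assumed replacement expression, taken from the issue's workaround.
SCOPED_TOKEN = "${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}"


def patch_git_credential_steps(
    lock_yml: str, target_step: str = "Configure Git credentials"
) -> Tuple[str, int]:
    """Replace github.token only inside steps named `target_step`.

    Returns (patched_text, number_of_replacements). Running it again on
    its own output makes no further changes, so it is safe to re-apply
    after every `gh aw compile`.
    """
    out: List[str] = []
    in_target = False
    count = 0
    for line in lock_yml.splitlines(keepends=True):
        m = STEP_NAME.match(line)
        if m:  # a new step begins; decide whether it is one we patch
            in_target = m.group(1).strip("\"'") == target_step
        if in_target:
            line, n = TOKEN_REF.subn(SCOPED_TOKEN, line)
            count += n
        out.append(line)
    return "".join(out), count
```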
