Pull Request Checklist:
- [ ] This PR addresses an already opened issue (for bug fixes / features)
  - This PR fixes #xyz
- [ ] (If applicable) Documentation has been added / updated (for bug fixes / features).
- [ ] (If applicable) Tests have been added.
- [x] This PR does not seem to break the templates.
- [x] CHANGELOG.rst has been updated (with summary of main changes).
- [x] Link to issue (:issue:number) and pull request (:pull:number) has been added.
What kind of change does this PR introduce?
This adds the GitHub Helper Bot to the bump-version workflow.
Does this PR introduce a breaking change?
No.
Other information:
"But like, why?"
Glad you asked. The commits that are coming from the workflow currently are "borrowing" a token I made, then overwriting the committer information and, as such, the GPG signature is invalid. For security purposes, this makes it look like someone stole my account and committed changes pretending to be someone else, which is effectively what it is doing.
The helper bot is a verified way of indicating that these commits are genuine and coming from a verified source (by way of GPG signature). The bot makes a one-time-use token, creates a commit with it, pushes the changes, then destroys that token so that the risk of it leaking is diminished.
Ideally, once all similar workflows in Ouranosinc are using this system, I can safely remove the token that has push access with my credentials.
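The mint-commit-push-revoke flow described above, as an added example workflow that is not the project's own code: it assumes the helper bot is a GitHub App whose id and private key live in repository secrets named `HELPER_BOT_APP_ID` and `HELPER_BOT_PRIVATE_KEY` (assumed names), and it uses the `actions/create-github-app-token` action to mint the short-lived installation token. The job itself keeps a read-only `GITHUB_TOKEN`, so the only write-capable credential is the app token, which is revoked in an explicit final step.

```yaml
name: bump-version

on:
  workflow_dispatch:

jobs:
  bump:
    runs-on: ubuntu-latest
    permissions:
      contents: read   # the job's own GITHUB_TOKEN never gets write scope

    steps:
      - name: Mint a short-lived installation token for the helper bot
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.HELPER_BOT_APP_ID }}            # assumed secret name
          private-key: ${{ secrets.HELPER_BOT_PRIVATE_KEY }}  # assumed secret name

      - name: Check out with the bot token (not a personal token)
        uses: actions/checkout@v4
        with:
          token: ${{ steps.app-token.outputs.token }}

      - name: Bump version and commit as the bot identity
        run: |
          # Committer/author are the bot, so nothing impersonates a maintainer.
          # <APP_ID> and <app-slug> are placeholders for the real App values.
          git config user.name "<app-slug>[bot]"
          git config user.email "<APP_ID>+<app-slug>[bot]@users.noreply.github.com"
          bump-my-version bump patch   # placeholder for the project's bump command
          git push

      - name: Revoke the installation token right away
        # Runs even if the bump step fails, so a failed job leaks no usable token.
        # The action also revokes the token in its post step by default; this makes
        # the "destroy the token" step explicit and immediate.
        if: always()
        run: |
          curl -fsS -X DELETE \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
            https://api.github.com/installation/token
```

Commits pushed with plain `git` carry the bot's identity but are only cryptographically signed if a signing key is configured in the job; commits created through the GitHub API on behalf of the App are signed by GitHub itself and show as verified.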