Use github.token instead of secrets.GITHUB_TOKEN

[wiebeck]

Edit: Ok, now I am confused. The doc reads:

The called workflow is automatically granted access to github.token and secrets.GITHUB_TOKEN.

So maybe this PR should not be required at all? On the other hand, why does the check in #13 fail?

Original comment:

Reusable workflows don't have access to caller secrets unless you pass them as secret.

I would like to make the GITHUB_TOKEN even required but that would break existing workflows...

Maybe introduce versioning for breaking changes? ;-)

[wiebeck]

Oh and by the way..... this fixes the validation error in #13