thebrowsercompany / swift-build

Swift toolchain builds by The Browser Company
351 stars 10 forks

[gha][swift-toolchain] Use a PAT to create new toolchain releases #141

Closed kendalharland closed 3 months ago

kendalharland commented 3 months ago

When using secrets.GITHUB_TOKEN to create resources in GitHub Actions, additional workflows are not triggered. GitHub does this to prevent users from creating recursive workflows. For more information, see these links:

This is currently preventing the Release - Swift Toolchain Binary Sizes workflow from running when new releases are created.

Changes

kendalharland commented 3 months ago

CC @amonshiz and @JoelHenn to add context to my recent messages in Slack. This is where I need to set up this PAT.

amonshiz commented 3 months ago

Could we use a called/reusable workflow or a direct workflow dispatch at the end of this workflow to trigger the size workflow?

compnerd commented 3 months ago

@amonshiz hmm ... that is an interesting idea. That would allow that workflow to be completely separate, right? Because you can set triggers on that for workflow completion?

kendalharland commented 3 months ago

Yes, a callable workflow can work, and it wouldn't compromise our ability to run the binary sizes workflow directly without first invoking swift-build.

The only caveat of this approach is that it makes the swift-build workflow less reusable, since anyone who forks it and runs it in a separate Git repo will not be able to trigger the release binary sizes workflow and upload data to our BigQuery table. I am not sure if it is a big concern - they can always just delete the step that calls the workflow. @compnerd WDYT?

compnerd commented 3 months ago

I think that given that we are uploading to BigQuery which requires additional credentials, that isn't a terrible idea. We could isolate that to this repository, and we could always upstream that if we have a solution which doesn't require additional services.

kendalharland commented 3 months ago

Closing this in favor of using a callable workflow
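
A sketch of the callable-workflow wiring the thread settles on, added here as an illustration and not taken from the repository's own workflows. The file paths, the tag scheme, the `release_tag` input and the `BIGQUERY_CREDENTIALS` secret name are assumptions; the release is still created with the default `GITHUB_TOKEN`, and the size workflow is invoked explicitly instead of relying on a release event.

```yaml
# File 1 (hypothetical path): .github/workflows/swift-toolchain.yml
on:
  workflow_dispatch:
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # the default GITHUB_TOKEN creates the release; no PAT
    outputs:
      tag: ${{ steps.create.outputs.tag }}
    steps:
      - id: create
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          tag="toolchain-$GITHUB_RUN_ID"  # constructed tag scheme
          gh release create "$tag" --repo "$GITHUB_REPOSITORY" --notes "Automated release"
          echo "tag=$tag" >> "$GITHUB_OUTPUT"
  binary-sizes:
    needs: release
    # Forks have no BigQuery credentials, so only this repository makes the call.
    if: github.repository == 'thebrowsercompany/swift-build'
    uses: ./.github/workflows/release-binary-sizes.yml
    with:
      release_tag: ${{ needs.release.outputs.tag }}
    secrets:  # pass one named secret rather than `secrets: inherit`
      BIGQUERY_CREDENTIALS: ${{ secrets.BIGQUERY_CREDENTIALS }}
---
# File 2 (hypothetical path): .github/workflows/release-binary-sizes.yml
on:
  workflow_call:
    inputs:
      release_tag: { type: string, required: true }
    secrets:
      BIGQUERY_CREDENTIALS: { required: true }
  workflow_dispatch:  # still runnable on its own, without the toolchain build
    inputs:
      release_tag: { type: string, required: true }
jobs:
  measure:
    runs-on: ubuntu-latest
    steps:
      - env:
          RELEASE_TAG: ${{ inputs.release_tag }}  # env var, not inline, to avoid script injection
          GH_TOKEN: ${{ github.token }}
        run: |
          gh release view "$RELEASE_TAG" --repo "$GITHUB_REPOSITORY" --json assets
          # Size measurement and BigQuery upload (not shown on the page) go here.
```

Compared with a PAT, this keeps a long-lived, user-scoped credential out of the repository's secrets and hands the called workflow only the single secret it needs.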