vechain / vechain-sdk-js

The official JavaScript SDK for VeChain.

🐛 [BUG] - Review `SONAR_TOKEN` parameter for forked branches #1186

Closed freemanzMrojo closed 1 month ago

freemanzMrojo commented 1 month ago

Description

The purpose of this ticket is to review the use of the `SONAR_TOKEN` parameter, since for forked branches it won't be informed, hence crashing the PR's pipeline.

Reproduction steps

  1. Fork the SDK repo with a GH user without permissions for the Sonar project
  2. Create a PR
  3. The pipeline will fail in the Sonar Scan step

Logs

Check this GH action run https://github.com/vechain/vechain-sdk-js/actions/runs/10489948945/job/29056416080

victhorbi commented 1 month ago

@leszek-vechain research which are the options we have; we will have a small session with Waqar to move on with a decision.

leszek-vechain commented 1 month ago

There are a couple of threads on the SonarCloud forums around it, most pointing to this roadmap:

https://portal.productboard.com/sonarsource/1-sonarcloud/c/50-sonarcloud-analyzes-external-pull-request

It seems it was recently implemented via Automatic Analysis:

https://docs.sonarsource.com/sonarcloud/advanced-setup/automatic-analysis/

It is possible to turn it on in project options (don't have access to try):

For existing projects:

Go to your project’s Administration > Analysis Method page and turn on Automatic Analysis. The Analysis Method page will display a compatibility check, so you are aware of our recommendations for your specific project.

but:

Automatic analysis is not intended to be used in conjunction with CI-based analysis.

If you do enable automatic analysis, you must ensure that you do not have any CI-based analyses configured. If you do then these CI-based analyses will fail and cause a failure in your build process.

Alternatively, we can use one of the solutions mentioned here:

https://community.sonarsource.com/t/how-to-use-sonarcloud-with-a-forked-repository-on-github/7363/30
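
One way to keep fork PRs from failing at the Sonar Scan step while CI-based analysis stays in place, added here as an example and not part of the thread or the SDK's actual workflow. The workflow name, job name and branch name are assumptions; the guard skips the scan when the PR head lives in another repository, where `SONAR_TOKEN` is not passed to the run.

```yaml
# Constructed workflow; names are placeholders, not the SDK's real pipeline.
name: sonar-scan

on:
  # `pull_request` (not `pull_request_target`): fork PRs run without
  # repository secrets, so SONAR_TOKEN is empty for them.
  pull_request:
  push:
    branches: [main]

jobs:
  sonar:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history for Sonar blame data

      # Run the scan only when the run can read the secret:
      # pushes, and PRs whose head branch lives in this repository.
      - name: Sonar Scan
        if: >-
          github.event_name != 'pull_request' ||
          github.event.pull_request.head.repo.full_name == github.repository
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      # Fork PRs: record the skip instead of failing the pipeline.
      - name: Sonar Scan skipped (fork PR)
        if: >-
          github.event_name == 'pull_request' &&
          github.event.pull_request.head.repo.full_name != github.repository
        run: echo "::notice::Sonar scan skipped, SONAR_TOKEN is not available to pull requests from forks."
```

With this guard, fork contributions are not analysed until a maintainer pushes the branch into the main repository, so the quality gate should be required only on runs that actually execute the scan.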