feat: auto-forward github-token as GITHUB_APM_PAT + document private repo auth

[Copilot]

GitHub Actions forbids secrets with the GITHUB_ prefix, so users couldn't set GITHUB_APM_PAT directly and had to manually wire up differently-named secrets — unnecessary friction for the common case.

Changes

• src/runner.ts — Forward github-token input to GITHUB_APM_PAT via ??=, so an explicit env: GITHUB_APM_PAT always wins:

  process.env.GITHUB_TOKEN ??= githubToken;
  process.env.GITHUB_APM_PAT ??= githubToken;  // new

  Same-org private repos now work with zero config since github-token defaults to ${{ github.token }}.

• src/__tests__/runner.test.ts — Extended existing token-forwarding tests to assert GITHUB_APM_PAT is set/not-set/not-clobbered; added a dedicated does not clobber existing GITHUB_APM_PAT from job-level env test.

• README.md — Added Private repo authentication section documenting the three tiers:

  # Same-org: zero config
  - uses: microsoft/apm-action@v1
  
  # Cross-org: pass broader-scoped PAT
  - uses: microsoft/apm-action@v1
    with:
      github-token: ${{ secrets.APM_PAT }}
  
  # Multi-org / multi-platform: full env control
  - uses: microsoft/apm-action@v1
    env:
      GITHUB_APM_PAT: ${{ secrets.APM_PAT }}
      GITHUB_APM_PAT_CONTOSO: ${{ secrets.APM_PAT_CONTOSO }}
      ADO_APM_PAT: ${{ secrets.ADO_PAT }}

  Also added github-token to the Inputs table (it existed in action.yml but was undocumented in the README).

---

💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

[Copilot]

Pull request overview

This PR reduces GitHub Actions authentication friction by automatically forwarding the existing github-token input into APM’s expected GITHUB_APM_PAT environment variable (without overriding explicit job-level env), and documents the recommended auth patterns for private repos.

Changes:

• Forward github-token to process.env.GITHUB_APM_PAT using ??= so explicit env: GITHUB_APM_PAT retains priority.
• Extend runner tests to cover setting/not-setting/not-clobbering GITHUB_APM_PAT.
• Document private repo authentication tiers in the README and add the previously-undocumented github-token input to the Inputs table.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
src/runner.ts	Auto-forwards github-token to GITHUB_APM_PAT (in addition to GITHUB_TOKEN) while preserving pre-set env values.
src/tests/runner.test.ts	Adds coverage for GITHUB_APM_PAT forwarding behavior and “do not clobber” semantics.
README.md	Documents private repo auth scenarios and adds github-token to the Inputs table.
dist/index.js	Updates bundled action output to reflect the new env forwarding behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.