Improve release workflow (#6646)

* Use PAT to avoid version bump commit problems due to branch protections

Following the instructions of stefanzweifel/git-auto-commit-action [1]
for pushing to branches with branch protections, this changes the create
release workflow to fetch the repo with a PAT (that must belong to an
admin for this to work). As a result, when pushing the version bump
commit, the required status checks are not required (provided the rules
are not applied to admins).

---
1. https://github.com/stefanzweifel/git-auto-commit-action#push-to-protected-branches

* Add warning to not add `on: push` to create release workflow

* Enforce that create-release isn'ttriggered by push events

.github/workflows/create-release.yml

@@ -1,5 +1,7 @@
 name: Create Release Pull Request
 on:
+  # THIS WORKFLOW SHOULD NEVER BE TRIGGERED ON A PUSH EVENT. IF TRIGGERED ON A
+  # PUSH EVENT IT MAY CREATE AN ENDLESS STREAM OF 'version bump' COMMITS.
   workflow_dispatch:
   schedule:
     # "At 00:00 on Sunday" (https://crontab.guru/once-a-week)
@@ -16,6 +18,7 @@ on:
 jobs:
   release-pr:
     runs-on: ubuntu-latest
+    if: github.event_name != 'push'
     outputs:
       did-create-pr: ${{ steps.release.outputs.did-create-pr }}
       new-version: ${{ steps.release.outputs.new-version }}
@@ -27,11 +30,15 @@ jobs:
   version-bump:
     runs-on: ubuntu-latest
     needs: release-pr
-    if: needs.release-pr.outputs.did-create-pr == 'true'
+    if: |
+      github.event_name != 'push' &&
+      needs.release-pr.outputs.did-create-pr == 'true'
     steps:
       - name: Checkout
         uses: actions/checkout@v2
         with:
+          # Ensure the commit can be pushed regardless of branch protections (must belong to an admin of this repo)
+          token: ${{ secrets.RELEASE_TOKEN }}
           # Ensure we are checked out on the develop branch
           ref: develop
       - name: Bump version