Update non-Default GitHub token usage to Mu GitHub app

Generates tokens during workflow execution instead of directly depending
on PATs.

Signed-off-by: Aaron Pop <[email protected]>

Author: apop5

.github/workflows/prepare-binaries.yml

@@ -34,6 +34,13 @@ jobs:
     - name: Checkout Self
       uses: actions/checkout@v4
 
+    - name: Generate Token
+      id: app-token
+      uses: actions/create-github-app-token@v2
+      with:Add commentMore actions
+        app-id: ${{ vars.MU_ACCESS_APP_ID }}
+        private-key: ${{ secrets.MU_ACCESS_APP_PRIVATE_KEY }}
+
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
@@ -79,7 +86,7 @@ jobs:
       if: startsWith(github.ref, 'refs/tags/') && !endsWith(github.event.release.tag_name, '-signed')
       with:
         files: ReleaseFirmwareArchive/*
-        token: ${{ secrets.GH_UEFI_BOT_PUBLISH_TOKEN }}
+        token: ${{ steps.app-token.outputs.token }}
 
     - name: Prepare Release Signed Archive
       run: python scripts/prepare_signed_binaries.py PostSignedObjects --output ReleaseSignedArtifacts --version ${{ github.event.release.tag_name }}
@@ -90,4 +97,4 @@ jobs:
       if: startsWith(github.ref, 'refs/tags/') && endsWith(github.event.release.tag_name, '-signed')
       with:
         files: ReleaseSignedArtifacts/*
-        token: ${{ secrets.GH_UEFI_BOT_PUBLISH_TOKEN }}
+        token: ${{ steps.app-token.outputs.token   }}