ci: add GITHUB_TOKEN to workflows for auth'd template updates #7119

Merged
Mzack9999 merged 1 commit into dev from dwisiswant0/ci/add-GITHUB-TOKEN-to-workflows-for-auth-d-template-updates
Mar 17, 2026

@dwisiswant0
Member

Proposed changes

ci: add GITHUB_TOKEN to workflows for auth'd template updates

  • Updated .github/workflows/tests.yaml:
    • Added GITHUB_TOKEN to validate job to
      support make template-validate.
  • Updated .github/workflows/flamegraph.yaml:
    • Added GITHUB_TOKEN to flamegraph job for
      nuclei -update-templates.
  • Updated .github/workflows/generate-pgo.yaml:
    • Added GITHUB_TOKEN to pgo job for
      nuclei -update-templates.

This makes sure GitHub API calls during
template updates are auth'd, avoiding rate limit issues.
Closes #7118

Proof

N/A

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

* Updated `.github/workflows/tests.yaml`:
  * Added `GITHUB_TOKEN` to `validate` job to
    support `make template-validate`.
* Updated `.github/workflows/flamegraph.yaml`:
  * Added `GITHUB_TOKEN` to `flamegraph` job for
    `nuclei -update-templates`.
* Updated `.github/workflows/generate-pgo.yaml`:
  * Added `GITHUB_TOKEN` to `pgo` job for
    `nuclei -update-templates`.

This makes sure GitHub API calls during
template updates are auth'd, avoiding rate limit issues.

Signed-off-by: Dwi Siswanto <git@dw1.io>
@auto-assign auto-assign Bot requested a review from dogancanbakir March 5, 2026 06:42
@coderabbitai
Contributor

coderabbitai Bot commented Mar 5, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (3)
  • .github/workflows/flamegraph.yaml is excluded by !**/*.yaml
  • .github/workflows/generate-pgo.yaml is excluded by !**/*.yaml
  • .github/workflows/tests.yaml is excluded by !**/*.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

@neo-by-projectdiscovery-dev

neo-by-projectdiscovery-dev Bot commented Mar 5, 2026

Neo - PR Security Review

No security issues found

Highlights

  • Adds GITHUB_TOKEN environment variable to three CI workflows (tests.yaml, flamegraph.yaml, generate-pgo.yaml) to enable authenticated GitHub API calls during template updates
  • Prevents rate limiting issues when downloading nuclei templates from GitHub
  • Token is used only for GitHub API authentication and git operations, not exposed in logs or command arguments

Hardening Notes

  • Consider adding explicit permissions blocks to tests.yaml and flamegraph.yaml jobs (currently using defaults). While the current default permissions are safe, explicit declarations improve clarity and prevent future misconfigurations.
  • The generate-pgo.yaml workflow has contents: write permission and runs on workflow_dispatch. Consider adding a repository_dispatch trigger restriction or branch protection to ensure only authorized users can trigger PGO generation.

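The first hardening note above (explicit permissions blocks on jobs that receive the token) can be checked mechanically. This is an added example, not part of the PR or the project's code: a Python scan that lists jobs exporting GITHUB_TOKEN with no `permissions:` block at job or workflow level. The function name is hypothetical and the sample workflow is constructed.

```python
import re

def jobs_missing_permissions(workflow_text):
    """Jobs that reference GITHUB_TOKEN without explicit permissions (indentation scan, not a YAML parser)."""
    workflow_perms, in_jobs = False, False
    job_indent = key_indent = current = None
    jobs = {}  # job name -> {"perms": bool, "token": bool}
    for raw in workflow_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key = re.match(r"\s*([A-Za-z0-9_-]+):", raw)
        if indent == 0:  # top-level key: track `jobs:` and workflow-wide permissions
            in_jobs = raw.startswith("jobs:")
            workflow_perms |= raw.startswith("permissions:")
            current = None
            continue
        if not in_jobs:
            continue
        job_indent = indent if job_indent is None else job_indent  # first line under `jobs:`
        if indent == job_indent and key:
            current = jobs.setdefault(key.group(1), {"perms": False, "token": False})
            key_indent = None
            continue
        if current is None:
            continue
        key_indent = indent if key_indent is None else key_indent  # this job's own keys
        if indent == key_indent and key and key.group(1) == "permissions":
            current["perms"] = True
        if "GITHUB_TOKEN" in raw:
            current["token"] = True
    flagged = [name for name, j in jobs.items() if j["token"] and not j["perms"]]
    return [] if workflow_perms else flagged  # a workflow-level block covers every job

# Constructed sample, not the project's workflow files.
SAMPLE = """\
jobs:
  validate:
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - run: make template-validate
  pgo:
    permissions:
      contents: write
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""
```

The scan only sees tokens referenced inside a job; a GITHUB_TOKEN set in a workflow-level `env:` block is outside what it checks.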

@dwisiswant0 dwisiswant0 requested a review from Mzack9999 March 15, 2026 10:12
@Mzack9999 Mzack9999 merged commit 2e5ed57 into dev Mar 17, 2026
3 checks passed
@Mzack9999 Mzack9999 deleted the dwisiswant0/ci/add-GITHUB-TOKEN-to-workflows-for-auth-d-template-updates branch March 17, 2026 20:06

Development

Successfully merging this pull request may close these issues.

CI: panic on GitHub API rate limit when installing nuclei-templates