chore(deps): update actions/create-github-app-token action to v3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/create-github-app-token	action	major	v2 → v3

---

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v3

Compare Source

---

Configuration

📅 Schedule: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/ai-flag-cleanup-pr.yml

Package	Version	License	Issue Type
actions/create-github-app-token	3.*.*	Null	Unknown License

Allowed Licenses:

Apache-2.0, MIT, MIT-0, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD, CC0-1.0, Unlicense, BlueOak-1.0.0, CC-BY-4.0, Artistic-2.0, PSF-2.0, MPL-2.0

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/create-github-app-token	3.*.*	🟢 6.1	Details Check Score Reason Maintained 🟢 10 20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 0/8 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6

Scanned Files

• .github/workflows/ai-flag-cleanup-pr.yml