
Use GH instead of softprops/action-gh-release#6873

Open

TimoPtr wants to merge 2 commits into main from feature/use_gh_instead_of_actions

Conversation


@TimoPtr TimoPtr commented May 20, 2026

Summary

We should avoid using an external action when we can do the same operation with the tool already available; it limits our attack surface. It is also one less thing to update.

This addresses two warnings from zizmor:

info[template-injection]: code injection via template expansion
   --> ./.github/workflows/onPush.yml:106:34
    |
106 |         run: gh release edit ${{ steps.rel_number.outputs.version }} --draft=false
    |         --- this run block       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ may expand into attacker-controllable code
    |
    = note: audit confidence → Low
    = note: this finding has an auto-fix

info[superfluous-actions]: action functionality is already included by the runner
  --> ./.github/workflows/onPush.yml:88:15
   |
86 |       - name: Create draft Github Pre-Release
   |         ------------------------------------- this step
87 |         if: github.event.inputs.beta == 'true'
88 |         uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
   |               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ use `gh release` in a script step
   |
   = note: audit confidence → High
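The hardened shape of the step zizmor flagged, written here as an added illustration rather than the PR's own diff: the `rel_number` step id, `inputs.beta` condition and `gh release view/upload/edit/create` calls come from the page, while the job name, asset path and tag format are assumptions.

```yaml
# Added illustration, not the PR's actual workflow. Job name, ASSET path and
# the tag format are assumptions; only the step id and gh commands are from the page.
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write          # the only scope `gh release` needs here
    steps:
      # Flagged pattern: the expression is expanded into the script text before
      # bash runs it, so a quote or ';' in the value becomes shell syntax.
      #   run: gh release edit ${{ steps.rel_number.outputs.version }} --draft=false

      # Hardened: the value reaches the shell through an environment variable
      # and is quoted, so bash treats it as data rather than as code.
      - name: Create or publish the beta pre-release
        if: github.event.inputs.beta == 'true'
        env:
          GH_TOKEN: ${{ github.token }}
          VERSION: ${{ steps.rel_number.outputs.version }}
          ASSET: build/app-release.apk      # assumed artifact path
        run: |
          set -euo pipefail
          if gh release view "$VERSION" >/dev/null 2>&1; then
            # release already exists: refresh the asset only
            gh release upload "$VERSION" "$ASSET" --clobber
          else
            gh release create "$VERSION" "$ASSET" --draft --prerelease \
              --title "$VERSION" --generate-notes
          fi
          # same publish step as before, now with the tag passed safely
          gh release edit "$VERSION" --draft=false
```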

Copilot AI review requested due to automatic review settings May 20, 2026 14:11
@TimoPtr TimoPtr requested a review from jpelgrom May 20, 2026 14:16

Copilot AI left a comment


Pull request overview

This PR reduces GitHub Actions supply-chain exposure by replacing softprops/action-gh-release with the built-in gh CLI to create/update the beta GitHub prerelease during the onPush workflow.

Changes:

  • Replace softprops/action-gh-release usage with a bash step that uses gh release view/upload/edit/create
  • Consolidate “create prerelease” and “publish prerelease” logic into a single conditional block

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@TimoPtr TimoPtr deployed to ui-test May 20, 2026 14:51 — with GitHub Actions Active
