Use --atomic when running git push

[nayanmanojgupta]

Describe the bug

Currently, "auto" uses "git push --follow-tags" which is non-atomic by default.
Using non-atomic push can cause issues. For example, if a protected branch hook is enabled, branch updates will be rejected.
In such cases, a tag might be created but the changelog will not be committed. This will result in a "tag already exists" error during the next run

To Reproduce

1. Enable a protected branch hook, such as requiring commits to be made through a pull request.
2. Remove admin permissions from the bot user.
3. Execute "auto shipit".

As a result, tags will be pushed but branch changes will be rejected. These orphan tags will then have to be manually deleted to prevent future conflicts.

Expected behavior
Use "git push --follow-tags --atomic," supported since Git v2.4.0. This ensures that no orphan tags are created.

Screenshots

Environment information:

Environment Information:

"auto" version: v11.2.1
"git"  version: v2.39.5 (Apple Git-154)
"node" version: v16.16.0
GHE version:    v3.12.8

Additional context:
I am aware about the protected-branch plugin, but I prefer not to create a PR for each changelog commit.
If there's an accidental change in the service account permission from admin to write, I want AUTO tool to either push all references on the remote or none at all.

[ykhandelwal913]

@hipstersmoothie can you review this PR. We are facing similar issue where tags are getting created but branch push failed and next run says, tags already exist. With this, it wont push the changes if any of the push failed.

[nayanmanojgupta]

@sugarmanz @hipstersmoothie

[hipstersmoothie]

@ykhandelwal913 thanks for explaining that to me