fix(consumers): forward INTEGRATION_* App secrets to build_docker_image_multiplatform

The reusable supports `client_id` + `app_private_key` and uses them
to mint an installation token + write /tmp/.netrc so `uv sync` can
fetch private git deps. The canonical caller never passed them, so
every consumer with private deps (e.g. whengas/nats-platform-meta
pulling pyapi-service-kit @ git+https://...) failed at build time
with `awk: cannot open "/app/.netrc"` and exit 2.

Both secrets are required: false in the reusable, so consumers
without private deps and without org-level INTEGRATION_* configured
keep working — the values resolve to '' and the netrc step is
skipped.

Author: jr200

consumers/workflows/build-docker-image.yaml

@@ -56,3 +56,11 @@ jobs:
     secrets:
       registry_username: ${{ github.actor }}
       registry_token: ${{ secrets.GITHUB_TOKEN }}
+      # GitHub App auth for cloning private git deps at build time
+      # (e.g. uv sync over `pkg @ git+https://github.com/<org>/<repo>`).
+      # The reusable mints an installation token and writes /tmp/.netrc
+      # only when both are non-empty; repos with no private deps can
+      # leave the org-level INTEGRATION_* unset and these resolve to ''
+      # without breaking the build.
+      client_id: ${{ vars.INTEGRATION_CLIENT_ID }}
+      app_private_key: ${{ secrets.INTEGRATION_APP_PRIVATE_KEY }}