ci: use built-in GITHUB_TOKEN with contents:write perm, drop GH_PAT dep

The user's GH_PAT secret kept producing 403s on release creation (the
token showed 'never used' in GitHub — likely the secret was never
actually saved with the regenerated value). Sidestep the secret
entirely: GitHub Actions exposes a built-in GITHUB_TOKEN automatically
whose permissions can be declared at the workflow level. Grant
contents:write and the softprops/action-gh-release action picks it up
as the default GITHUB_TOKEN. No user-managed PAT needed.

Author: khalidaboelmagd

.github/workflows/kernelsu-oos11.yml

@@ -18,6 +18,9 @@ env:
   CCACHE_MAXSIZE: "2G"
   CCACHE_HARDLINK: "true"
 
+permissions:
+  contents: write   # required for softprops/action-gh-release to create releases
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -120,10 +123,6 @@ jobs:
           path: OP7-OOS11-KSUN-*.zip
 
       - name: Release
-        # Release requires a PAT with contents:write. If the token lacks
-        # that scope the step errors but the artifact has already been
-        # uploaded in the previous step, so do not fail the whole run.
-        continue-on-error: true
         if: github.event_name == 'workflow_dispatch' || github.event_name == 'push'
         uses: softprops/action-gh-release@v2
         with:
@@ -135,5 +134,5 @@ jobs:
             Target: OxygenOS 11
             KernelSU-Next: ${{ env.KSU_NEXT_TAG }}
             SUSFS: disabled (add in follow-up once root grant is stable)
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+        # Uses the built-in GITHUB_TOKEN (granted contents:write at the
+        # workflow level above). No repo secret required.