Fix tailnet deletion to use organization-level credentials

Use the original organization OAuth token instead of the tailnet-specific
token for deletion. Only the organization-level credentials that created
the tailnet have permission to delete it.

Changes:
- Use steps.get_access_token.outputs.access_token (organization token)
- Instead of steps.get_tailnet_token.outputs.tailnet_access_token (tailnet token)

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: rajsinghtech

.github/workflows/api-tailnet-k8s-test.yml

@@ -211,9 +211,9 @@ jobs:
           echo "Cleaning up Kind cluster..."
           kind delete cluster --name tailscale-test || true
           
-          if [ -n "${{ steps.get_tailnet_token.outputs.tailnet_access_token }}" ] && [ -n "${{ steps.create_tailnet.outputs.full_tailnet_name }}" ]; then
+          if [ -n "${{ steps.get_access_token.outputs.access_token }}" ] && [ -n "${{ steps.create_tailnet.outputs.full_tailnet_name }}" ]; then
             echo "Deleting API-only tailnet: ${{ steps.create_tailnet.outputs.full_tailnet_name }}"
-            ./tailscale/scripts/delete-tailnet.sh "${{ steps.get_tailnet_token.outputs.tailnet_access_token }}" "${{ steps.create_tailnet.outputs.full_tailnet_name }}" || echo "Failed to delete tailnet (may have already been deleted)"
+            ./tailscale/scripts/delete-tailnet.sh "${{ steps.get_access_token.outputs.access_token }}" "${{ steps.create_tailnet.outputs.full_tailnet_name }}" || echo "Failed to delete tailnet (may have already been deleted)"
           else
             echo "Skipping tailnet deletion - missing access token or tailnet name"
           fi