fix: use token auth header for package registry uploads

The GITHUB_TOKEN with basic auth returns 401 reqPackageAccess.
Switch to Authorization: token header which grants proper scope.

.gitea/workflows/release-nightly.yml

@@ -42,19 +42,20 @@ jobs:
             fi
           done
       - name: Publish nightly to Generic Package Registry
+        env:
+          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           API_BASE="https://git.lethalbits.com/api/packages/lethalbits/generic/gitea-mcp-extended/nightly"
           echo "Publishing to: $API_BASE"
-          echo "Actor: ${{ gitea.actor }}"
           ls -la gitea-mcp-extended_*.tar.gz gitea-mcp-extended_*.zip 2>/dev/null || true
           for f in gitea-mcp-extended_*.tar.gz gitea-mcp-extended_*.zip; do
             [ -f "$f" ] || continue
             echo "Uploading $f..."
             # Delete old nightly file first (can't overwrite)
-            curl -k -X DELETE --user "${{ gitea.actor }}:${{ secrets.GITHUB_TOKEN }}" \
+            curl -k -X DELETE -H "Authorization: token ${GITEA_TOKEN}" \
               "${API_BASE}/${f}" || true
             HTTP_CODE=$(curl -k -o /tmp/upload_response -w '%{http_code}' \
-              --user "${{ gitea.actor }}:${{ secrets.GITHUB_TOKEN }}" \
+              -H "Authorization: token ${GITEA_TOKEN}" \
               --upload-file "$f" \
               "${API_BASE}/${f}")
             echo "HTTP response: $HTTP_CODE"