fix(ci): add authentication for tag push in release workflow

- Use RELEASE_TOKEN for git push authentication when creating tags
- Add early check to fail with clear error if RELEASE_TOKEN is not configured

.forgejo/workflows/release.yml

@@ -12,6 +12,15 @@ jobs:
     runs-on: nix
 
     steps:
+      - name: Check RELEASE_TOKEN is configured
+        env:
+          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        run: |
+          if [ -z "$RELEASE_TOKEN" ]; then
+            echo "::error::RELEASE_TOKEN secret is not configured. Please add it in repository settings."
+            exit 1
+          fi
+
       - name: Check out Repository
         uses: https://git.konstantinfickel.de/actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
@@ -19,6 +28,8 @@ jobs:
 
       - name: Extract version and handle tagging
         id: version
+        env:
+          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
         run: |
           if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
             # Manual trigger: read version from Cargo.toml
@@ -31,8 +42,9 @@ jobs:
               exit 1
             fi
 
-            # Create and push the tag
+            # Create and push the tag using RELEASE_TOKEN for authentication
             git tag "$TAG"
+            git remote set-url origin "https://oauth2:${RELEASE_TOKEN}@git.konstantinfickel.de/kfickel/streamd.git"
             git push origin "$TAG"
 
             echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT