feat: Support pre-signed JWT for GitHub App authentication

[u-kai]

Resolves #3317

---

Before the change?

• GitHub App authentication required a PEM private key file (pem_file), meaning the
  private key had to be stored in the CI/CD environment.

After the change?

• app_auth now accepts a jwt field as an alternative to pem_file.
• Users can generate and sign the GitHub App JWT externally and pass it directly to the provider.
• Exactly one of pem_file or jwt must be set (ExactlyOneOf validation).
• The GITHUB_APP_JWT environment variable can be used to supply the JWT.

Pull request checklist

• [] Schema migrations have been created if needed (example)
• Tests for the changes have been added (for bug fixes / features)
• Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

• Yes
• No

---

[github-actions]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀