SubmitReview: Use Vault token

[pavel-mikula-sonarsource]

With the latest automation changes, we need the Vault-based token now. It's the same token as the one in RequestReview.yml file. Please take care of merging this, I have 200+ repos to update.

[sonar-review-alpha]

Summary

Migrates the SubmitReview workflow to use Vault-based GitHub token instead of GitHub secrets. This aligns with recent automation changes and matches the token retrieval pattern used in RequestReview.yml. The change removes the now-unnecessary pull-requests: read permission and updates the token source from the GitHub secrets environment to the Vault output.

What reviewers should know

What changed:

• Vault step now retrieves GITHUB_TOKEN from development/github/token/{REPO_OWNER_NAME_DASH}-jira
• Token is passed to SubmitReview action via Vault output instead of GitHub secrets
• Removed pull-requests: read permission (no longer needed)

Review focus:

• Verify the Vault path format matches your organization's token storage convention
• Check that {REPO_OWNER_NAME_DASH} is a recognized template variable in the workflow context
• Confirm this aligns with the RequestReview.yml pattern mentioned in the PR description

Note: This is one of 200+ repos being updated with this pattern, so consistency matters more than innovation here.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

LGTM! ✅

🗣️ Give feedback

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube