fix: use app token for integration data workflow PRs

[IEvangelist]

Summary

• compile update-integration-data with gh aw v0.67.2
• mint the safe-output PR token from ASPIRE_BOT_APP_ID and ASPIRE_BOT_PRIVATE_KEY
• disable create-pull-request fallback-to-issue so PR auth failures do not silently create issues

Validation

• gh aw compile update-integration-data --actionlint

[Copilot]

Pull request overview

Updates the update-integration-data Agentic Workflow to use a GitHub App installation token for PR creation/updates and tightens failure behavior so auth issues don’t silently fall back to creating issues.

Changes:

• Adds GitHub App credentials to the safe-outputs config and disables create-pull-request “fallback-as-issue”.
• Regenerates the compiled workflow lock file with gh aw v0.67.2 (including new detection/safe-outputs plumbing and app-token usage).
• Adds a new workflow to auto-approve and enable squash auto-merge for workflow-generated integration-data PRs.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File	Description
.github/workflows/update-integration-data.md	Adds GitHub App token inputs and disables PR-to-issue fallback; doc formatting tweaks.
.github/workflows/update-integration-data.lock.yml	Regenerated compiled workflow to v0.67.2 and switches PR operations to GitHub App tokens.
.github/workflows/auto-merge-integration-data.yml	New workflow to auto-approve and enable squash auto-merge for labeled integration-data PRs.
.github/aw/actions-lock.json	Adds lock entry for github/gh-aw-actions/setup@v0.67.2.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.