ci: pass secrets explicitly to reusable workflow

Using `secrets: inherit` forwards all secrets to the workflow and makes
it harder to determine which secrets the workflow was actually executed
with. See: https://docs.zizmor.sh/audits/#secrets-inherit

Signed-off-by: Daniel Hast <hast.daniel@protonmail.com>

Author: HastD

.github/workflows/release.yml

@@ -389,6 +389,7 @@ jobs:
       contents: write # to push to a branch
       pull-requests: write # to read and create PRs
     if: needs.check.outputs.buildonly == 'false'
-    secrets: inherit
+    secrets:
+      PODMANBOT_TOKEN: ${{ secrets.PODMANBOT_TOKEN }}
     with:
       version: ${{ needs.check.outputs.version }}