Convert PATs to workload identity federated accounts

Passing long-lived PATs to a GitHub Action exposes our code base to security concerns. PATs should be replaced with WIFs. See https://github.com/google-github-actions/auth.