Enable org-billed Copilot auth for agentic workflows (#10984)

This updates the repository’s agentic workflows to use the current
Copilot permission model for org-wide billing. The workflows no longer
depend on the legacy `COPILOT_GITHUB_TOKEN` secret path for Copilot
inference.

- **Workflow source updates**
  - Updated the agentic workflow frontmatter in:
    - `.github/workflows/bump-tcgc-csharp.md`
    - `.github/workflows/issue-triage.md`
- Replaced broad `read-all` shorthand with explicit permissions that
preserve read access while enabling Copilot requests:
    ```yaml
    permissions:
      all: read
      copilot-requests: write
    ```

- **Generated workflow refresh**
- Recompiled the corresponding `.lock.yml` files so generated workflows
match the new auth model.
- The generated workflows now use `github.token` for Copilot auth
instead of the old secret-validation flow.

- **Behavioral impact**
- Removes reliance on the previous Copilot token setup for these agentic
workflows.
- Aligns workflow auth with the current org-billed Copilot execution
path.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: timotheeguerin <1031227+timotheeguerin@users.noreply.github.com>

Author: Copilot

.github/aw/actions-lock.json

@@ -5,11 +5,6 @@
       "version": "v9.0.0",
       "sha": "3a2844b7e9c422d3c10d287c895573f7108da1b3"
     },
-    "github/gh-aw-actions/setup@v0.77.5": {
-      "repo": "github/gh-aw-actions/setup",
-      "version": "v0.77.5",
-      "sha": "3ea13c02d765410340d533515cb31a7eef2baaf0"
-    },
     "github/gh-aw/actions/setup@v0.57.2": {
       "repo": "github/gh-aw/actions/setup",
       "version": "v0.57.2",

.github/workflows/agentics-maintenance.yml

@@ -9,7 +9,9 @@ on:
   schedule: "13 3 * * *"
   workflow_dispatch:
 
-permissions: read-all
+permissions:
+  all: read
+  copilot-requests: write
 
 network: defaults
 

.github/workflows/bump-tcgc-csharp.lock.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: Install gh-aw
-        run: curl -sL https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh | bash
+        run: curl -sL https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh | bash -s -- v0.79.8
 
       - name: Compile and check for drift
         run: |

.github/workflows/bump-tcgc-csharp.md

@@ -17,7 +17,9 @@ on:
   roles: all
   reaction: eyes
 
-permissions: read-all
+permissions:
+  all: read
+  copilot-requests: write
 
 network: defaults
 

.github/workflows/check-agentic-workflows.yml

@@ -13,6 +13,7 @@ pnpm-lock.yaml
 
 # Agentic workflow lock file
 **/*.lock.yml
+.github/workflows/agentics-maintenance.yml
 
 # Emu spec file, formatting is wrong
 packages/spec/src/spec.emu.html