use github API to commit - which might make commits show up as verified?

[Sajjon]

try to make commits made by CD show up as verified.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.90%. Comparing base (bceb3d8) to head (6fbe955).
Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #20   +/-   ##
=======================================
  Coverage   96.90%   96.90%           
=======================================
  Files          76       76           
  Lines        1650     1650           
=======================================
  Hits         1599     1599           
  Misses         51       51           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull Request Overview

This PR updates the release workflow to create commits via the GitHub API, ensuring they appear as verified as part of the CD process.

• Clarifies fetch-depth requirement for API operations
• Replaces direct git commit/push with API-based commit and ref update
• Adds JSON parsing and error handling around the API calls

Comments suppressed due to low confidence (2)

.github/workflows/release.yml:131

• The workflow uses jq to parse JSON but does not install it. Consider adding a step to install jq before using it or switch to a parser available on the runner.

            NEW_SHA=$(echo "$COMMIT_RESPONSE" | jq -r '.sha')

.github/workflows/release.yml:106

• [nitpick] This block of raw curl commands is lengthy and can be harder to maintain. You could simplify and maintain this logic using actions/github-script or the GitHub CLI (gh api).

            COMMIT_RESPONSE=$(curl -s -f -X POST \