Drop legacy direct private key authentication

WORKER_URL is now the only authentication method. Removes the App
import, PRIVATE_KEY input, and the dual-path auth logic.

https://claude.ai/code/session_01NpiSv9DJeWXyK77tjPGt8F

Author: claude

action.yml

@@ -9,13 +9,10 @@ inputs:
     required: true
   JOB_ID:
     required: true
-  # Option A: provide the GitHub App private key directly (self-hosted App usage)
-  PRIVATE_KEY:
-    required: false
-  # Option B: provide the Cloudflare Worker URL to exchange a GitHub OIDC token
-  # for an installation access token (requires id-token: write permission on the job)
+  # Cloudflare Worker URL to exchange a GitHub OIDC token for an installation
+  # access token (requires id-token: write permission on the job)
   WORKER_URL:
-    required: false
+    required: true
   JOB_REGEX:
     required: true
   STEP_REGEX: