ci(hypatia-scan): wire FLEET_PUSH_TOKEN to its own secret

The hypatia-scan workflow's submit-findings step was sourcing the
FLEET_PUSH_TOKEN env var from HYPATIA_DISPATCH_PAT — leaving the
dedicated FLEET_PUSH_TOKEN secret unused. Wire it through directly
so the token finally has the role its scope was provisioned for.

FLEET_DISPATCH_TOKEN still sources HYPATIA_DISPATCH_PAT pending a
decision on whether that role gets its own dedicated PAT.

Author: hyperpolymath

.github/workflows/hypatia-scan.yml

@@ -86,7 +86,7 @@ jobs:
         if: steps.scan.outputs.findings_count > 0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          FLEET_PUSH_TOKEN: ${{ secrets.HYPATIA_DISPATCH_PAT }}
+          FLEET_PUSH_TOKEN: ${{ secrets.FLEET_PUSH_TOKEN }}
           FLEET_DISPATCH_TOKEN: ${{ secrets.HYPATIA_DISPATCH_PAT }}
           GITHUB_REPOSITORY: ${{ github.repository }}
           GITHUB_SHA: ${{ github.sha }}