fix(release): remove @semantic-release/git to avoid push on protected main

[savez]

Summary

• Removes @semantic-release/git plugin from .releaserc.json
• This plugin attempted to push a chore(release): commit directly to main after each release, which is now blocked by branch protection requiring PRs + status checks
• Semantic-release will still create git tags, publish to npm (with provenance), and create GitHub releases with full changelogs — only the CHANGELOG.md commit back to the repo is dropped

Why this is needed

Branch protection on main was enabled (requiring PR review + 2 passing CI checks before merge). The @semantic-release/git plugin pushes directly to main, which is now rejected, causing releases to fail.

Trade-offs

• CHANGELOG.md will no longer be committed back into the repo after each release
• Release notes are still fully generated and visible on GitHub Releases via @semantic-release/release-notes-generator + @semantic-release/github

Optional follow-up

To restore CHANGELOG.md commits: add the MACHINE_PAT token owner as a bypass actor in GitHub → Settings → Branches → Edit main protection rule → "Allow specified actors to bypass required pull requests", then re-add @semantic-release/git to .releaserc.json.

[github-actions]

Coverage Report

[github-actions]

QA Report

Check	Status
🔍 Lint	✅
🧪 Test & Coverage	✅
🔐 Secrets Scan	✅

Generated automatically by QA Workflow

[savez]

🎉 This PR is included in version 1.0.0