Commit 6e1b677
Use/expect deploy key to bypass normal rules when releasing
This deploy key should be a secret containing the SSH key that is configured as a deploy key. By using the new rules on GitHub, and allowing bypass for deploy keys in the `main` (or default) branch protection, it should become possible to add the required commits on `main`.
This does introduce a new possible vulnerable vector security-wise. If an action is added that contains malicious code that reads the key, it could be exposed and someone could get access to the repository with that. This risk would be mitigated by restricting actions being updatable by random people, and being aware of this when reviewing, but it does remain a risk.
GitHub Apps might be an alternative, but didn't look into that yet. That could at least make it more fine-grained, ensuring only specific actions could be taken.

1 parent c6e9541 commit 6e1b677
1 file changed
Lines changed: 1 addition & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
| 24 | + | |
24 | 25 | | |
25 | 26 | | |
26 | 27 | | |
| |||