fix: authenticate GitHub API call in deploy-docs workflow (#29)

Unauthenticated requests to api.github.com/repos/.../releases/latest
hit the 60 req/hr rate limit, returning an empty 403 body that caused
json.load() to raise JSONDecodeError. Fix by:
- Injecting GITHUB_TOKEN as Bearer auth header (rate limit → 5000/hr)
- Capturing the API response to $RELEASE_JSON before piping to python3
  so a failed curl exits non-zero via set -euo pipefail instead of
  silently feeding empty stdin to json.load()

Author: PythonWoods-Dev

.github/workflows/deploy-docs.yml

@@ -59,9 +59,16 @@ jobs:
         run: uv sync --group dev
 
       - name: Download Lucide Icons
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
+          set -euo pipefail
           mkdir -p overrides/.icons/lucide
-          ASSET_URL=$(curl -sf https://api.github.com/repos/lucide-icons/lucide/releases/latest \
+          RELEASE_JSON=$(curl -sf \
+            -H "Authorization: Bearer $GH_TOKEN" \
+            -H "Accept: application/vnd.github+json" \
+            https://api.github.com/repos/lucide-icons/lucide/releases/latest)
+          ASSET_URL=$(echo "$RELEASE_JSON" \
             | python3 -c "import sys,json; r=json.load(sys.stdin); print(next(a['browser_download_url'] for a in r['assets'] if a['name'].startswith('lucide-icons') and a['name'].endswith('.zip')))")
           curl -sL "$ASSET_URL" -o /tmp/lucide.zip
           unzip -q /tmp/lucide.zip "*.svg" -d /tmp/lucide-extracted