Uncomment deploy step in GitHub Actions workflow

[peterus]

No description provided.

[Copilot]

Pull request overview

Re-enables the GitHub Pages deployment step in the release documentation workflow so that generated release artifacts are automatically published to the external documentation repository.

Changes:

• Uncomment and reintroduce the Deploy 🚀 step using JamesIves/github-pages-deploy-action@v4.
• Deploy the output/ directory to OE5XRX/OE5XRX.github.io under docs/remote-station/hardware/${{ github.event.repository.name }}.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This deploy step grants a long-lived secret (DEPLOY_GH_TOKEN) to a third-party action. To reduce supply-chain risk, consider pinning JamesIves/github-pages-deploy-action to a specific commit SHA (or at least a fully qualified release tag) rather than @v4, since this step can push to another repository.

Suggested change

	uses: JamesIves/github-pages-deploy-action@v4
	uses: JamesIves/github-pages-deploy-action@v4.6.0

[Copilot]

DEPLOY_GH_TOKEN should be a fine-grained PAT scoped only to OE5XRX/OE5XRX.github.io with the minimal permissions required for this deploy (and ideally stored behind a protected GitHub Environment). This workflow runs on release: published, so tightening token scope and gating helps limit blast radius if the workflow is triggered unexpectedly.

Suggested change

	token: ${{ secrets.DEPLOY_GH_TOKEN }}
	token: ${{ secrets.GITHUB_TOKEN }}

[Copilot]

Consider adding an explicit permissions: block (workflow- or job-level) to enforce least-privilege for the GITHUB_TOKEN. Right now this workflow relies on the repository default permissions, but the job performs a deployment and uses several secrets, so being explicit makes permission changes safer/auditable.