Use GITHUB_TOKEN when downloading release assets to avoid rate-limiting

[TingluoHuang]

Ensure the following before filing this issue

• I verified it reproduces with the latest version with - uses: ruby/setup-ruby@v1 (see Versioning policy)

• I tried to reproduce the issue locally by following the workflow steps (including all commands done by ruby/setup-ruby, except for Downloading Ruby & Extracting Ruby),
  and it did not reproduce locally (if it does reproduce locally, it's not a ruby/setup-ruby issue)

Are you running on a GitHub-hosted runner or a self-hosted runner?

GitHub-hosted runner

Link to the failed workflow job (must be a public workflow job, so the necessary information is available)

I don't have one

Any other notes?

The GitHub platform has more restriction on request without auth header, since Actions provides a GITHUB_TOKEN by default, I think we should leverage that to help the setup-ruby action improve its stability.

I copied a similar pattern we have in actions/setup-node https://github.com/actions/setup-node/blob/main/action.yml#L18
and created #851

[eregon]

Have you seen an actual error that this would solve?
If not I'm not sure we should add extra code for a problem which hasn't been seen.
AFAIK unauthenificated limits for downloads (e.g. https://github.com/ruby/ruby-builder/releases/download/ruby-4.0.0/ruby-4.0.0-ubuntu-24.04-x64.tar.gz) are very high, there seems even no limits specified in GitHub docs about that.

[eregon]

Ah I didn't know you're working at GitHub. I'd still like to understand in which cases this is necessary/which cases it would fix.

[TingluoHuang]

I am working for GitHub Actions. 😄
I can't share too much details but unauthenticated requests are normally get dropped when GitHub is under heavy load, so we can better serve authed requests.
Based on our telemetry, we noticed the ruby/setup-ruby is one of the victim when we start drop un-auth requests.