Replace the way the winget token is used in the `release-winget` workflow by a more secure way

[dscho]

As per the documentation:

For CI/CD scenarios, it is recommended to use the 'WINGET_CREATE_GITHUB_TOKEN' environment variable to store the token.

We're using the -t way, though, which is unsafe because the token "might be logged" (it won't, because it is marked as a secret, but still...).

Let's move to the environment variable just in case.