ci: pass CODECOV_TOKEN explicitly to codecov-action

[maltsev-dev]

Problem

Previous CI runs #27811830168 and #27812924596 both completed but Codecov upload failed with:

warning - Branch `<X>` is protected but no token was provided
error - Commit creating failed: {"message":"Token required because branch is protected"}
error - Report creating failed: {"message":"Token required because branch is protected"}
error - Upload queued for processing failed: {"message":"Token required because branch is protected"}

The CODECOV_TOKEN secret IS configured in repo settings (gh secret list shows it), but codecov-action@v4 is not picking it up from env in this workflow.

Fix

Pass the token explicitly via the action's token input. Also pin the report file path and disable hard-fail on upload error so a Codecov outage doesn't block CI.

       - uses: codecov/codecov-action@v4
-        if: always()
+        if: always()
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./coverage.xml
+          fail_ci_if_error: false

Verification

After merge, the next CI run should:

• Log ==> token set (or similar) in the codecov step
• Successfully upload to https://app.codecov.io/gh/nullrunio/nullrun-sdk-python
• Make the badge in README show actual coverage instead of "unknown"