fix: use pull requests for feature tracker updates instead of direct push (#246)

- Replace direct push to protected master branch with PR creation
- Add proper GITHUB_TOKEN environment for git operations
- Use existing repository labels for PR creation
- Prevents GH006 protected branch update errors

Author: lgallard

.github/workflows/feature-discovery.yml

@@ -596,6 +596,8 @@ jobs:
 
       - name: Commit feature tracker updates
         if: steps.claude-discovery.conclusion == 'success'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           set -euo pipefail
 
@@ -641,8 +643,29 @@ jobs:
 
           [skip ci]"
 
-          # Push changes
-          git push origin HEAD
+          # Create branch and push for PR since master is protected
+          BRANCH_NAME="feature-discovery/tracker-update-$(date +%Y%m%d-%H%M%S)"
+          git checkout -b "$BRANCH_NAME"
+          git push origin "$BRANCH_NAME"
+          
+          # Create pull request for tracker updates
+          gh pr create \
+            --title "chore: update AWS Backup feature discovery tracker" \
+            --body "Automated update of feature discovery tracker database.
+          
+          **Scan Details:**
+          - Scan completed: $(date -u '+%Y-%m-%d %H:%M:%S UTC')
+          - Provider version: ${{ inputs.provider_version || 'latest' }}
+          - Workflow run: ${{ github.run_id }}
+          
+          This PR contains automated updates to the feature tracking database and can be safely merged.
+          
+          ---
+          *Auto-generated by AWS Backup Feature Discovery workflow*" \
+            --label "aws-backup,ci-cd,configuration" \
+            --assignee "lgallard"
+          
+          echo "Created PR for tracker updates on branch: $BRANCH_NAME"
 
           # Release lock
           flock -u 200