We are trying to set up a CI/CD pipeline that runs terraform plan on pull requests and apply on merge. The plan step fails with a 403 Forbidden error when the provider attempts to read the org configuration. The token has the necessary scopes but the action context seems to be stripping permissions. Here is the workflow snippet causing the issue. What is the correct way to pass the OAuth token so plan can execute without applying changes?