Using github-actions[bot] gives you the GitHub logo as the profile picture on the commit.
github-actions[bot] isn’t a real GitHub user account, which will hopefully make it clear that a user account isn’t responsible for commits that the action makes.
For the branches being pushed to, you cannot have protections that require a PR or any status checks. This is probably a showstopper if you’re hoping to push to master or any other critical branch.
If you want to push to a branch without making the branch unprotected, you may want to ditch the github.token strategy in favor of authenticating as a GitHub App. This would allow you to protect the target branch, while marking the GitHub App as an explicit exception to the branch protection.
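
A workflow sketch of the GitHub App approach, added here as an example and not taken from the original page. It assumes a repository variable APP_ID, a secret APP_PRIVATE_KEY, a placeholder App name example-app, a file generated.txt, and that the App has already been added as an exception in the branch protection settings for master.

```yaml
# Added example. APP_ID, APP_PRIVATE_KEY, example-app and generated.txt
# are assumed/placeholder names, not values from the original page.
name: push-as-github-app
on:
  workflow_dispatch:

# Keep the built-in github.token read-only; the push below does not use it.
permissions:
  contents: read

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      # Exchange the App's private key for a short-lived installation token.
      - name: Create GitHub App installation token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      # Checking out with the App token makes later git pushes authenticate
      # as the App, which is the identity exempted from branch protection.
      - name: Check out the protected branch
        uses: actions/checkout@v4
        with:
          ref: master
          token: ${{ steps.app-token.outputs.token }}

      - name: Commit and push
        run: |
          date -u > generated.txt
          # Commit metadata only; placeholder bot identity for the App.
          git config user.name "example-app[bot]"
          git config user.email "example-app[bot]@users.noreply.github.com"
          git add generated.txt
          git commit -m "Update generated.txt"
          git push origin HEAD:master
```

The private key is the sensitive part of this setup: store it only as an encrypted secret, and install the App on just the repositories that need it with no more than contents write permission.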