ci: harden release custody gate #8

Merged: gchahal1982 merged 4 commits into main from ci/harden-release-custody-2026-05-19 (May 20, 2026)
@gchahal1982
Contributor

Summary

  • require the public Agent release workflow to use the release environment before building/publishing release artifacts
  • add hosted signing custody checks for Apple notarization, Windows EV/PFX, and Linux GPG private-key import
  • add Linux/package signature helpers and signed aggregate SHA256SUMS.asc generation before draft release upload

Validation

  • go run github.com/rhysd/actionlint/cmd/actionlint@latest .github/workflows/release.yml
  • bash -n scripts/sign-and-notarize-macos.sh scripts/sign-linux.sh scripts/generate-checksums.sh
  • PowerShell parser check for scripts/sign-windows.ps1

Remaining external blockers

  • release environment secrets still need to be populated
  • Windows EV/HSM/PFX custody and Microsoft package identity evidence remain outside this PR
  • Linux release GPG private-key custody must be configured before the workflow can produce signed GA assets

@gchahal1982 gchahal1982 requested review from a team as code owners May 19, 2026 23:26
Signed-off-by: gchahal1982 <108035922+gchahal1982@users.noreply.github.com>
@gchahal1982 gchahal1982 force-pushed the ci/harden-release-custody-2026-05-19 branch from 7605594 to b5fe96f Compare May 19, 2026 23:51
@gchahal1982 gchahal1982 enabled auto-merge (squash) May 20, 2026 01:13
@gchahal1982
Contributor Author

2026-05-20 release custody follow-up pushed to this branch (103eabb1166eb1481f512d174b24f408af9a8fc7):

  • Draft release publishing now requires AURAONE_RELEASE_BOT_TOKEN instead of the default workflow token.
  • Publish custody now fails closed unless CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID, and CLOUDFLARE_R2_BUCKET are configured.
  • CLOUDFLARE_ACCOUNT_ID, AURAONE_R2_BUCKET, and CLOUDFLARE_R2_BUCKET are configured; remaining hosted secret blockers are AURAONE_WINDOWS_CERT_THUMBPRINT, CLOUDFLARE_API_TOKEN, and AURAONE_RELEASE_BOT_TOKEN.

Signed-off-by: gchahal1982 <108035922+gchahal1982@users.noreply.github.com>
@gchahal1982 gchahal1982 force-pushed the ci/harden-release-custody-2026-05-19 branch from 103eabb to 0d288cc Compare May 20, 2026 06:40
@gchahal1982
Contributor Author

DCO/sign-off follow-up: amended the custody commit with sign-off and force-with-lease pushed the same scoped changes. Current PR head is 0d288ccf4949a7d9df9f0d788eadcba82029b04b. Remaining blockers are still required reviews plus the external Windows/Cloudflare API token/release-bot custody.

@gchahal1982
Contributor Author

2026-05-20 custody follow-up:

  • AURAONE_RELEASE_BOT_TOKEN is configured as a GitHub Actions secret on the checked release-owning repositories.
  • CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID, AURAONE_R2_BUCKET, and CLOUDFLARE_R2_BUCKET are configured as GitHub Actions secrets on the checked release-owning repositories.
  • pnpm --dir opensource/open-studio-platform verify:signing-custody now reports AURAONE_WINDOWS_CERT_THUMBPRINT as the only missing hosted release secret name.

The PR still needs review/merge and a protected hosted release workflow run; Windows EV/HSM/PFX signing custody and Microsoft package identity evidence remain separate blockers.

Signed-off-by: gchahal1982 <108035922+gchahal1982@users.noreply.github.com>
Signed-off-by: gchahal1982 <108035922+gchahal1982@users.noreply.github.com>
@gchahal1982
Contributor Author

2026-05-20 managed Windows signing follow-up:

  • Added managed Azure Artifact Signing / Trusted Signing support to scripts/sign-windows.ps1 while preserving thumbprint and PFX signing paths.
  • Release workflow Windows custody preflight now accepts AURAONE_WINDOWS_SIGNING_PROVIDER=azure-artifact-signing with AURAONE_ARTIFACT_SIGNING_DLIB_PATH plus either metadata path or endpoint/account/profile secrets.
  • Local validation before push: PowerShell parser check, managed-provider dry run rendering signtool /dlib ... /dmdf ..., actionlint, and DCO.
  • Latest head: 79f8ea4905b7ddd59a3ebb16eee04fed2d22fc72.

This does not close the Windows release blocker by itself; actual EV/PFX/Azure signing custody and Microsoft package identity evidence are still required before hosted release execution and winget submission.

@gchahal1982 gchahal1982 merged commit edd47cd into main May 20, 2026
1 check passed
@gchahal1982 gchahal1982 deleted the ci/harden-release-custody-2026-05-19 branch May 20, 2026 10:58
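
Added example, not code from this pull request or its repository: a minimal fail-closed custody preflight of the kind the follow-up comments describe, covering the publish secrets and the Windows provider selection. The `EXAMPLE_SIGNING_*` names are hypothetical stand-ins for the metadata-path and endpoint/account/profile secrets, which the thread does not name; treating an unset provider as the thumbprint path and reading secrets as exported environment variables are also assumptions.

```shell
#!/bin/sh
# Added example: fail-closed release custody preflight (not the project's script).
# Assumes secrets reach the job as exported environment variables.

# Print every unset or empty variable named in the arguments; return 1 if any.
missing_vars() {
  mv_rc=0
  for mv_name in "$@"; do
    if [ -z "$(printenv "$mv_name")" ]; then
      printf '%s\n' "$mv_name"
      mv_rc=1
    fi
  done
  return "$mv_rc"
}

# Draft-release upload and publish custody: all four names must be present.
check_publish_custody() {
  missing_vars AURAONE_RELEASE_BOT_TOKEN CLOUDFLARE_API_TOKEN \
    CLOUDFLARE_ACCOUNT_ID CLOUDFLARE_R2_BUCKET
}

# Windows signing custody. EXAMPLE_SIGNING_* names are hypothetical.
# The PFX path is left out because the thread does not name its secrets.
check_windows_custody() {
  case "$(printenv AURAONE_WINDOWS_SIGNING_PROVIDER)" in
    azure-artifact-signing)
      missing_vars AURAONE_ARTIFACT_SIGNING_DLIB_PATH || return 1
      # Either a metadata file, or the full endpoint/account/profile triple.
      if [ -n "$(printenv EXAMPLE_SIGNING_METADATA_PATH)" ]; then
        return 0
      fi
      missing_vars EXAMPLE_SIGNING_ENDPOINT EXAMPLE_SIGNING_ACCOUNT \
        EXAMPLE_SIGNING_PROFILE
      ;;
    "")
      # Assumption: no provider selected means thumbprint signing.
      missing_vars AURAONE_WINDOWS_CERT_THUMBPRINT
      ;;
    *)
      # Unknown provider values are rejected rather than silently defaulted.
      echo "unsupported AURAONE_WINDOWS_SIGNING_PROVIDER" >&2
      return 1
      ;;
  esac
}

# Constructed demo: with only the bucket set, the publish gate refuses to run.
( unset AURAONE_RELEASE_BOT_TOKEN CLOUDFLARE_API_TOKEN CLOUDFLARE_ACCOUNT_ID
  export CLOUDFLARE_R2_BUCKET=constructed-bucket
  check_publish_custody ) || echo "publish custody incomplete: refusing to upload"
```

The functions print only the names of missing secrets, never their values, so the output is safe to leave in workflow logs.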