feat: automated GitHub Actions release workflow for PyPI publishing

[dtehan-td]

Summary

• Adds .github/workflows/release.yml — a GitHub Actions workflow that automates the full release pipeline: build, GitHub Release creation, TestPyPI publish + smoke test, approval gate, and production PyPI publish
• Updates docs/developer_guide/DEVELOPER_GUIDE.md to document the automated workflow, one-time GitHub setup (secrets, environments), VPN requirement, and the approval process

Release pipeline

git push origin v0.2.x
       ↓
build & verify (uv build --no-cache, twine check, local wheel smoke test)
       ↓
create GitHub Release (auto-generated notes, dist assets attached)
       ↓
publish to TestPyPI + uvx smoke test
       ↓
manual approval gate (pypi GitHub Environment)
       ↓
publish to PyPI + uvx smoke test

Triggered by pushing a version tag (v*.*.*) or manually via the Actions UI "Run workflow" button. Releases are not created on every commit — the tag push is the explicit release trigger.

One-time setup required

Before this workflow can run, a repo admin needs to:

1. Add TEST_PYPI_TOKEN and PYPI_TOKEN secrets under Settings → Secrets and variables → Actions
2. Create test-pypi and pypi environments under Settings → Environments, with Required reviewers configured on pypi

See the updated Developer Guide for full setup instructions.

Test plan

• Confirm release.yml syntax is valid (GitHub Actions workflow linter)
• Add TEST_PYPI_TOKEN and PYPI_TOKEN secrets to repo settings
• Create test-pypi and pypi environments with required reviewer on pypi
• Push a test tag (e.g., v0.2.3) and verify the workflow runs end-to-end
• Confirm GitHub Release is created with correct notes and dist assets
• Confirm TestPyPI smoke test passes before approval prompt appears
• Approve production publish and confirm package is live on PyPI