Add a release workflow to GitHub Actions

[charliermarsh]

Summary

This PR moves the release workflow to GitHub Actions, which removes the need for wrangling PATs and other access controls locally.

Specifically, we now have a "Release" workflow that runs via workflow_dispatch, and accepts the commit SHA and the tag as arguments. You can run the workflow on a specific branch, which defaults to main, so the commit on which the release workflow runs does not need to match the commit being released, which IMO is a nice property.

The workflow is idempotent, such that it's safe to re-run with the same commit and tag if the release has already started, or completed, or failed partway through.

There's also a "dry-run" mode that avoids creating the release or uploading any artifacts. (If the release does exist, it will go a bit "further" in the process.)

Closes #253. Closes #256.

Test Plan

This took an embarrassing amount of trial and error, but feels pretty good now.

• Ran to completion: https://github.com/charliermarsh/python-build-standalone/actions/runs/8772527711
• Attempted to run with the same tag but different commit, which (correctly) raised an error: https://github.com/charliermarsh/python-build-standalone/actions/runs/8772541686
• Re-ran with same tag same commit, which correctly validated but didn't change anything, and exited successfully: https://github.com/charliermarsh/python-build-standalone/actions/runs/8772581636
• Ran with dry-run, which didn't create a release but validated the artifacfts: https://github.com/charliermarsh/python-build-standalone/actions/runs/8772642509