[INFRA-8096] Migrate to GHA #117

Open
areuge wants to merge 34 commits into master from INFRA-8096
@areuge areuge commented Jun 19, 2026

If you want your PR addressed quickly, please also reach out to our support team so we can understand when you need it reviewed and how it is impacting your use of our services. We also generally will not release new versions of our library without new feature support, a bug fix, or a clear reason from a customer why an update is required to minimize how often other customers need to update.

What does this do and why?

This PR migrates the CI/CD release and testing pipelines from Jenkins to standalone GitHub Actions workflows (INFRA-8096), while successfully resolving the blocking GPG artifact signing failure.

The Root Cause:

Our historical GPG key (95BCB1665C76C3A6) hosted on Jenkins was discovered to be a hardware smartcard/HSM stub (sec#). Because the actual private material was physically tied to the old Jenkins host, exporting it into a GitHub Secret resulted in an empty shell, throwing persistent No secret key errors during the Maven signing phase.

The Solution:

  • Imported the new dedicated CI signing key (B85D4DAEA102C95F). To guarantee robustness and prevent relying blindly on runner defaults without touching the POM, the key ID is explicitly declared and locked inside the runner's ecosystem via ~/.gnupg/gpg.conf.
  • Release Workflow: Implemented Perform Maven Release (triggered via workflow_dispatch). Passes the passphrase directly via -Dlocal.gpg.passphrase to feed the POM's release subprocess execution seamlessly.
  • Test Workflow: Implemented Maven Tests (workflow_dispatch) to execute standard package verification while bypassing GPG requirements (-Dgpg.skip=true).
  • Documentation: Updated the README.md to accurately map the new manual validation tasks.

Additional notes for reviewers

  • To keep maintenance minimal and maintain instant log visibility, the new GPG Key ID is explicitly declared inside the workflow rather than using a GitHub Organization variable.
  • All automated triggers (on: push/on: pull_request) are intentionally omitted from these standalone workflows to mitigate supply-chain risks on this public repository.

Testing

  • If these changes added new functionality, I tested them against the live API with real auth
  • I wrote tests covering these changes
  • I ran the full test suite and it passed

Test run results, including date and time:

(Successfully validated the entire Maven lifecycle and GPG signature mechanism on the live GitHub Action runner)
GitHub Actions logs for more details

Airship Contribution Agreement

Link here

  • I've filled out and signed Airship's contribution agreement form.

Screenshots

  • If applicable

areuge changed the title from "[INFRA-8096] java-library to GHA" to "[INFRA-8096] Migrate to GHA" on Jun 24, 2026
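
Added example (not part of this PR or the project's workflows): a preflight check for the stub-key failure described in the root cause above. It classifies a signing key from `gpg --list-secret-keys --with-colons` output using field 15 of the `sec`/`ssb` records. The helper name `secret_state` and the sample listing are constructed for illustration; only the two key IDs come from the PR text.

```shell
#!/usr/bin/env bash
# Added example: classify a signing key from GnuPG's machine-readable listing.
# Input (stdin): output of `gpg --list-secret-keys --with-colons`.
# Field 15 of sec/ssb records: "+" = secret material present,
# "#" = stub only (shown as sec#/ssb# in the human-readable listing),
# any other value = serial number of the smartcard/token holding the key.

# secret_state KEYID   (hypothetical helper name)
# Prints one of: usable | token | stub | unknown | missing
secret_state() {
  awk -F: -v want="$1" '
    # A sec record starts a new key block; match on the key ID suffix.
    $1 == "sec" { in_key = (toupper($5) ~ (toupper(want) "$")) }
    # Only keys or subkeys with signing capability ("s" in field 12) matter.
    in_key && ($1 == "sec" || $1 == "ssb") && $12 ~ /s/ {
      found = 1
      if ($15 == "+") usable = 1
      else if ($15 == "#") stub = 1
      else if ($15 != "") token = 1
    }
    END {
      if (usable) print "usable"
      else if (token) print "token"
      else if (stub) print "stub"
      else if (found) print "unknown"
      else print "missing"
    }'
}

# Constructed sample listing: key IDs are the two named in the PR text;
# dates, sizes, algorithms and subkey IDs are placeholders.
SAMPLE_LISTING='sec:u:4096:1:95BCB1665C76C3A6:1500000000:::u:::scESC:::#:::23::0:
ssb:u:4096:1:1111111111111111:1500000000::::::e:::#:::23::
sec:u:4096:1:B85D4DAEA102C95F:1750000000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:2222222222222222:1750000000::::::e:::+:::23::'

# Demo: report the state of both keys in the constructed listing.
for key in 95BCB1665C76C3A6 B85D4DAEA102C95F; do
  printf '%s: %s\n' "$key" \
    "$(printf '%s\n' "$SAMPLE_LISTING" | secret_state "$key")"
done
```

In a workflow step, pipe the real listing into `secret_state` right after the key import and fail the job unless it prints `usable`, so a stub export is caught before the Maven signing phase.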