
Add release and publish GHA workflows#101

Open
blag wants to merge 1 commit into revsys:master from blag:github-actions-release-publish

Conversation

@blag (Contributor) commented Dec 1, 2025

Add two more GHA workflows to handle building the release distributions and publishing them to GitHub and PyPI.

This makes it MUCH easier to build and publish packages straight from GitHub. It is also arguably more secure, since it utilizes PyPI's Trusted Publishing method. That alleviates project maintainers from having to generate and secure long-lived API keys. Those API keys then become prime targets for exfiltration via malware. Using GHA WFs to publish releases is more secure and auditable.

This makes it much easier for maintainers to release new versions than relying on a single (or a few) trusted project admins or owners. IMO, trusting maintainers to publish packages via pushing tags is not any more of a security risk than letting them maintain the codebase to begin with, so this doesn't require any additional trust in project maintainers than normal. Usually projects have a bottleneck of people who have permissions to release new versions to PyPI, and this alleviates that bottleneck.

With this PR, the developer experience goes like this:

  • Normal PRs run the tests in django.yml
  • Developer pushes a tag that starts with v -> release workflow in release.yml is run
    • If the pushed tag matches the current version of the package in pyproject.toml then:
      • the project is built into wheel and source distributions
      • an ephemeral draft changelog is automatically created from the commits
      • the softprops/action-gh-release GHA is run, which creates a draft release on GitHub with the two distribution files attached
      • the two distributions are explicitly cached to GitHub
    • If the pushed tag does not match, nothing is run
  • Developer goes to GitHub, tweaks the draft release announcement to their liking, and hits publish (this officially publishes the release on GitHub) -> publish workflow in publish.yml is run
    • The distribution files are pulled from GitHub's cache and listed to the log for the sake of auditing
    • The distribution files are published to PyPA using their official pypa/gh-action-pypi-publish GHA

A few things to note:

  1. I use tags to identify the version of GHAs to run. Those tags are not necessarily immutable. Using Git hashes would be slightly more secure, with the tradeoff that it wouldn't be immediately apparent what versions the tags referred to, making it more difficult to upgrade them in the future.
  2. GitHub allows project admins to create an allowlist of GHAs that can be added to workflows. I highly recommend using this.

Relevant links:

@blag force-pushed the github-actions-release-publish branch from 9951163 to 0c40f41 on January 29, 2026 05:28
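The two workflows the description walks through, written out as an added example rather than the files from this PR. It assumes the package version lives under `[project]` in pyproject.toml, that an environment named `pypi` is what was registered with PyPI's trusted publisher, and it fails the release job on a tag/version mismatch instead of silently skipping; the cache key and environment name are constructed for the example.

```yaml
# .github/workflows/release.yml (constructed example; assumes [project].version in pyproject.toml)
name: release
on:
  push:
    tags: ["v*"]
permissions:
  contents: write          # needed to create the draft release; nothing more
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4       # tags are mutable; a full commit SHA pins harder
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Refuse to release unless the tag equals the package version
        run: |
          tag="${GITHUB_REF_NAME#v}"
          ver="$(python -c 'import tomllib; print(tomllib.load(open("pyproject.toml", "rb"))["project"]["version"])')"
          [ "$tag" = "$ver" ] || { echo "tag $tag does not match version $ver"; exit 1; }
      - run: python -m pip install build && python -m build   # wheel + sdist into dist/
      - uses: actions/cache/save@v4     # hand the exact files to the publish workflow
        with:
          path: dist/
          key: dist-${{ github.ref_name }}
      - uses: softprops/action-gh-release@v2
        with:
          draft: true                   # a human reviews and publishes by hand
          generate_release_notes: true  # changelog generated from the commits
          files: dist/*
---
# .github/workflows/publish.yml (constructed example; runs only when the draft is published)
name: publish
on:
  release:
    types: [published]
jobs:
  pypi:
    runs-on: ubuntu-latest
    environment: pypi              # must match the environment registered with PyPI's trusted publisher
    permissions:
      id-token: write              # OIDC token for Trusted Publishing; no long-lived API key stored
    steps:
      - uses: actions/cache/restore@v4
        with:
          path: dist/
          key: dist-${{ github.ref_name }}
          fail-on-cache-miss: true   # never publish something the release job did not build
      - run: ls -l dist/ && sha256sum dist/*   # log exactly what is about to be published
      - uses: pypa/gh-action-pypi-publish@release/v1
```

Because `permissions` is set explicitly in both jobs, every permission not listed is off, so a compromised step in the publish job cannot write to the repository or its releases.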