Build and release activity separated in release pipeline

[d3r3kk]

Update our GCToolkit release pipeline to be compliant with Microsoft security tenets.

• Distinguish between build and release activity in the pipeline.
• Specify artifacts that are being released.

[Copilot]

Pull Request Overview

This PR separates build and release activities in the GCToolkit Azure DevOps pipeline to comply with Microsoft security tenets, stages artifacts explicitly, and scopes release approvals.

• Renamed the build step for clarity and added templateContext.outputs to stage artifacts.
• Removed the direct PublishPipelineArtifact task and introduced a dedicated release job that pulls the staged artifacts.
• Updated the approver list for the ESRP release task.

Comments suppressed due to low confidence (2)

.devops/gctoolkit-release.yml:68

• The artifactName line appears misaligned under the - input: pipelineArtifact list item. Ensure its indentation (and preceding hyphen if needed) nests correctly under the same list element so the YAML parser includes both input, artifactName, and targetPath together.

artifactName: staged-artifacts

.devops/gctoolkit-release.yml:208

• Double-check that the new templateContext.outputs block actually publishes the staged-artifacts for downstream jobs. If the template does not auto-handle publishing, consider reinstating an explicit PublishPipelineArtifact@1 step to guarantee the artifact is available to the release job.

-            - task: 1ES.PublishPipelineArtifact@1

[d3r3kk]

Using the test pool until after the July PSU release of the Microsoft Build of OpenJDK.