feat: add aggregated Slack notifications for layer releases with failure details and post-publish validation

[aavinash-nr]

Summary

• Adds Slack release notifications to all layer publish workflows (Node.js,
  Python, Ruby, Java, .NET, Extension) — 1 message per workflow run,
  not one per matrix job
• Each message shows per-version pass/fail, the published layer version on
  success, and the exact failing step on failure
• Adds post-publish validation: confirms the layer is accessible in AWS after
  publish; fails the release if not found

What the Slack message looks like

Success

✅ Python Layer Release Succeeded
Tag: v1.2.3_python | Triggered by: aavinash-nr
✅ Python 3.9 (v42)
✅ Python 3.10 (v42) ...

Partial failure

❌ Python Layer Release Failed (1/7 versions failed)
✅ Python 3.9 (v42)
❌ Python 3.10 — Layer publish to AWS failed ...

All failed

⚠️ All versions failed. View full logs here.

How it works

Each matrix job writes a small result file (status, version, failure reason)
and uploads it as an artifact. A notify job (if: always()) downloads all
artifacts after every job completes and sends one Slack message.

Adding a new runtime version = one line in the matrix array. Nothing else.

Security fixes

• ${{ github.event.ref }} moved to env var in all Check Tag steps (shell injection)
• Slack payload built with jq --arg throughout (JSON injection)
• steps.X.outcome moved to env vars in failure-capture steps
• Missing actions/checkout added to dotnet notify job (was a runtime crash)

Test plan

• Push a v*_nodejs tag — verify exactly 1 Slack message with all 4
  versions (20, 22, 24, Universal)
• Simulate a publish failure — verify failure reason shows correctly in Slack
• Verify notify job fires even when all upstream jobs fail/cancel
• Add a version to Python matrix — verify no other file changes needed