feat: add release build workflow with comparison against release script

[skjnldsv]

Summary

Adds a GitHub Actions workflow that builds Nextcloud release archives independently and compares the output against the release script's assets, on the same release.

This runs in parallel with the existing changelog workflow. Once the output matches the release script consistently, the release script can be retired and this workflow takes over publishing.

How it works

1. Trigger: release: published (same event as changelog) or workflow_dispatch
2. Build: 29 parallel jobs fetch all components, run composer, clean dev files
3. Assemble: merge into nextcloud/ structure, update version.php, sign, create archives
4. Compare: download the release script's tar.bz2 from the same GitHub release, diff file lists

The compare step downloads the assets that the release script attached to the same release. Since both build from the same branch HEAD at the same time, the diff should be near-zero. Any differences indicate bugs in either the workflow or the release script.

Build configs

Per-version configs in build/ directory:

• build/stable32.json / build/stable33.json: 27 components
• build/stable34.json / build/master.json: 29 components (+files_lock, +office)

Secrets needed

Secret	Purpose
SIGN_PRIVATE_KEY	Code signing (optional, skips if not set)
SIGN_CERTIFICATE	Test signing cert (optional, falls back to repo cert)
RELEASE_TOKEN	PAT for private repos like support (optional)

Test plan

• Run via workflow_dispatch with tag v33.0.4 to test against existing release
• Verify compare step downloads and diffs correctly
• Check step summary for comparison table
• Wait for next real release to test release: published trigger

[skjnldsv]

Merging into #74 as part of the orchestrator refactor.