Harden Sparkle release validation

[progresshans]

Summary

• simplify generated release notes
• validate the Sparkle public key before release packaging proceeds
• fail release packaging when the generated appcast is missing an EdDSA signature
• document the Sparkle key formatting requirement for maintainers

Why

A malformed update signing configuration can produce a build that cannot start Sparkle update checks. The release workflow should fail before publishing that kind of artifact.

Validation

• swift test
• bash -n script/package_release.sh
• GitHub Actions workflow YAML parse check
• git diff --check

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8cbf7edad9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9395f5ca3b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".