Add Fission post-build package, release, and Partner Center MSIX lifecycle

[zcourts]

Summary

This PR adds Fission's first post-build packaging, publishing, and release-management lifecycle. This is not a small hardening pass over an existing release system: it introduces the CLI command surface, project/RFC model, artifact manifests, credential vault, package readiness, release metadata workflows, release-content automation, store/provider distribution, GitHub/static/cloud/file publishing support, and Microsoft Store MSIX submission support.

The goal is to make Fission cover the lifecycle after build: produce platform artifacts, validate release readiness, prepare store content, upload/distribute artifacts, manage provider metadata, track receipts, and give CI/automation stable JSON outputs.

New CLI Surface

• Adds fission package for producing package artifacts and artifact-manifest.json outputs.
• Adds fission distribute with setup, publish, status, promote, and rollback actions where providers support them.
• Adds fission readiness package|distribute|release for focused preflight checks before packaging or uploading.
• Adds release lifecycle command groups:
  • release-config for metadata editing/import/diff/validate/push.
  • release-content for screenshot/content capture, render, and validation.
  • auth for encrypted provider credential setup/status/import/logout/rotate/audit.
  • signing for platform signing status/import/sync.
  • beta for beta groups/testers/distribution workflows.
  • reviews for store review listing/reply workflows.
  • release-workflow for named workflow recipes.
• Splits the CLI into production modules instead of keeping release/publish logic in the monolithic CLI file.

Packaging and Artifact Manifests

• Adds platform package formats and readiness flow for:
  • Linux .run.
  • macOS .app and .pkg.
  • Windows .exe, .msi, and .msix paths.
  • Android .apk and .aab paths.
  • iOS .ipa path.
  • Web/site static packages.
• Adds artifact-manifest.json generation with file metadata, hashes, MIME types, target, format, profile, root directory, project identity, validation state, and secondary release artifacts.
• Adds static package metadata files for route manifests, asset manifests, MIME maps, cache policy, and headers.
• Adds support for configured secondary artifacts such as debug symbols and crash diagnostics.
• Adds validation/readiness checks for primary artifact existence, zero-byte files, signing verification where platform tools are available, and install-smoke receipt state.
• Adds platform-owned packaging/signing readiness checks for Android SDK/NDK/build-tools, Xcode/macOS tools, Windows SDK tools, WiX/MSI, MSIX, SignTool, and bundletool.
• Adds macOS signing/notarization hooks for app/pkg packaging.

Distribution Providers

• Adds direct file/cloud distribution providers:
  • S3-compatible object storage through the Rust AWS SDK.
  • Google Drive resumable upload.
  • OneDrive upload sessions.
  • Dropbox simple and chunked upload sessions.
• Adds static hosting providers:
  • GitHub Pages workflow/branch publishing support.
  • Cloudflare Pages status/lifecycle support with Wrangler as the explicit upload backend.
  • Netlify API deploy/status/lifecycle support.
• Adds real store distribution provider implementations for the currently supported store paths:
  • Google Play: creates an edit, uploads APK/AAB artifacts, updates the selected track, validates the edit, and commits it.
  • App Store Connect: uploads IPA artifacts through Apple's Xcode upload tooling and records follow-up for build processing/TestFlight/App Review assignment.
  • Microsoft Store MSI/EXE: updates and commits package metadata through the Store submission API using a durable package URL, with optional submit behavior.
  • Microsoft Store Partner Center MSIX/MSIXUPLOAD: submits through Microsoft Store Developer CLI (msstore publish) using the package file in the artifact manifest, supports public submissions, package flights, rollout percentage, draft/no-commit behavior, explicit commit intent, optional msstore reconfigure, and msstore status checks.
• Adds status/readiness checks for file providers, static providers, and store providers.
• Adds distribution receipts so uploads/status/lifecycle actions leave auditable output under target/fission/distribution.

Microsoft Store Partner Center / MSIX

• Adds Microsoft Store MSIX/MSIXUPLOAD publishing through Microsoft Store Developer CLI (msstore publish) instead of the MSI/EXE durable-package-URL API path.
• Supports public submissions and package flights: --track public, --track private via distribution.microsoft_store.flight_id, or --track <flight-id> for an explicit Partner Center package flight.
• Keeps MSIX submissions as drafts by default with no-commit behavior; committing requires distribution.microsoft_store.submit = true or --track public --yes.
• Supports staged rollout with distribution.microsoft_store.package_rollout_percentage.
• Supports CI/dev-machine setup via existing msstore configuration, or optional distribution.microsoft_store.msstore_reconfigure = true using Partner Center tenant/client/seller credentials.
• Adds MSIX-specific readiness checks so .msix/.msixupload artifacts require msstore and do not incorrectly require the MSI/EXE package_url.
• Adds MSIX status support through msstore submission status and msstore flights submission status.

GitHub Releases

• Adds github-releases as a distinct provider from github-pages.
• Treats GitHub Releases as artifact distribution, not static-site hosting.
• Uploads any files listed in artifact-manifest.json, including installers, APK/AAB/IPA packages, archives, debug symbols, crash diagnostics, zipped static-site outputs, and custom secondary artifacts.
• Optionally uploads artifact-manifest.json itself so consumers and CI can verify hashes, sizes, MIME types, target, format, profile, and validation state.
• Uses the GitHub CLI (gh) rather than direct REST calls so Fission works with an existing gh auth login session.
• Supports release status, create/update, asset upload, configured --clobber, draft/prerelease/latest metadata, release notes files, and receipts.

Release Metadata, Store Content, and Reviews

• Adds release metadata sidecar validation so fission.toml remains the root but long-form notes/review/privacy/listing content can live in referenced files.
• Adds Google Play metadata sync support.
• Adds App Store metadata sync support.
• Adds Microsoft Store metadata sync support.
• Adds App Store build status checks.
• Adds provider API status checks.
• Adds store review operations for Google Play and App Store flows.
• Adds beta/tester operations for Google Play and App Store flows, including group/tester import/export/sync-style workflows where implemented.
• Adds release workflow recipes so project-specific release sequences can be declared and run.
• Adds a release-config TUI entrypoint.

Release Content

• Adds release-content validate and release-content render for store screenshots, preview videos, feature graphics, trailers, review attachments, and provider-specific asset requirements.
• Adds screenshot scenario validation and test-control driven screenshot capture.
• Adds rendered release-content manifests with SHA-256 hashes, file sizes, image dimensions, provider, source directory, and output directory.
• Adds provider asset checks for count, format, file size, and dimensions.
• Adds capture failure diagnostic receipts with logs and scenario metadata.

Credentials and Auth

• Adds an encrypted local release credential vault backed by OS key storage and AEAD-encrypted provider records.
• Adds fission auth login/status/logout/import/rotate/audit/setup workflows.
• Keeps secrets out of fission.toml; provider credentials come from environment variables, CI secrets, the user's authenticated provider tooling, or the Fission vault.
• Aligns GitHub Releases with GitHub Pages by using the user's existing gh authentication.
• Adds Microsoft Store MSIX support that can use an already configured msstore session or explicitly run msstore reconfigure from configured Partner Center credentials when requested.

RFC and Documentation

• Adds/updates docs/post-build-lifecycle.md as the self-contained RFC for package, release, distribution, auth, static hosting, store lifecycle, release content, signing, beta, reviews, provider receipts, readiness checks, and CI workflow expectations.
• Documents Microsoft Store MSIX/MSIXUPLOAD submission, msstore usage, package flights, no-commit draft behavior, explicit submit behavior, rollout percentage, and config fields.
• Adds docs/rfc-developer-tooling.md for the mature developer tooling ecosystem around Fission.
• Updates CLI/target documentation for the new commands and platform lifecycle direction.
• Updates the website publishing workflow to build/publish the Fission static documentation site.

Verification

• cargo test -p fission-cli

Current result: 47 tests passing.