chore: Replace GoReleaser with custom build scripts

[aaron-zeisler]

Summary

• Replace the 529-line .goreleaser.yml with focused shell scripts that handle cross-compilation, system packaging, and Docker image builds independently
• Remove the GoReleaser dependency entirely in favor of go build, standalone nfpm, and docker buildx
• Introduce scripts/release.sh as a single orchestration entry point, keeping the publish action and Makefile minimal
• Preserve all existing release artifacts, attestation outputs, and dry-run support

Motivation

GoReleaser is opaque and difficult to debug when releases fail. Other LaunchDarkly teams (gonfalon, event-recorder, streamer, foundation) don't use it, and sdk-meta already removed it. The new scripts are individually testable, readable (~60-100 lines each vs 529 lines of YAML), and follow patterns established elsewhere in the org.

Changes

File	Description
scripts/release.sh	New — Orchestrates the full release pipeline (cross-compile → packages → Docker)
scripts/cross-compile.sh	New — Builds all 9 OS/arch targets, produces .tar.gz archives + checksums.txt + metadata.json
scripts/build-packages.sh	New — Uses standalone nfpm to create .deb/.rpm packages (uses envsubst for config variable expansion)
scripts/docker-build.sh	New — Uses docker buildx for multi-platform builds, creates multi-arch manifests
nfpm.yml	New — Standalone package config (was embedded in GoReleaser)
.github/actions/publish/action.yml	Simplified to a single "Build release artifacts" step calling release.sh
.github/workflows/ci.yml	Added nfpm installation for Docker Scout scan job
Makefile	publish and products-for-release are now one-liners calling release.sh
Dockerfile*.goreleaser	Unchanged — no modifications needed; docker-build.sh passes the binary directory as the build context
.goreleaser.yml	Deleted
scripts/run-goreleaser.sh	Deleted

Architecture

scripts/release.sh [--dry-run] [VERSION]
  ├── scripts/cross-compile.sh --keep-build [VERSION]
  │     → dist/*.tar.gz, dist/checksums.txt, dist/metadata.json
  │     → dist/build/ld-relay_<ver>_<os>_<arch>/ld-relay (retained for subsequent steps)
  ├── scripts/build-packages.sh [VERSION]
  │     → dist/*.deb, dist/*.rpm
  └── scripts/docker-build.sh [--dry-run] [VERSION]
        → Docker images pushed (or --load for local scanning)
        → dist/images_and_digests.json

Each script can also be run independently for debugging or selective builds.

Test plan

• scripts/cross-compile.sh — all 9 targets build successfully (tested locally)
• scripts/build-packages.sh — all 8 packages (4 arch × deb + rpm) built successfully (tested locally)
• scripts/docker-build.sh --dry-run — all 10 Docker images built and loaded locally (tested locally)
• scripts/release.sh --dry-run — full end-to-end pipeline completes successfully (tested locally)
• End-to-end dry-run via the publish action in CI
• Verify artifact names match existing GitHub Release naming conventions
• Verify internal deployment (Ansible) can still fetch linux_amd64.tar.gz

JIRA

SDK-2337