
ci: Add release workflow and documentation#176

Open
arcjet-rei wants to merge 3 commits into main from rei/claude/gravity-release-workflow

Conversation

Contributor

@arcjet-rei arcjet-rei commented Mar 12, 2026

Summary

  • Adds a GitHub Actions release workflow (.github/workflows/release.yml) triggered by v* tag pushes that runs tests, publishes arcjet-gravity to crates.io, and creates a GitHub Release.
  • Uses crates.io Trusted Publishing via rust-lang/crates-io-auth-action — no CARGO_REGISTRY_TOKEN secret is required. The publish job is wrapped in a release GitHub Environment so a manual approval gate can be configured if desired (matches the pattern used by arcjet-py and arcjet-js).
  • Adds RELEASE.md documenting the end-to-end release process, prerequisites, and troubleshooting.

Setup required before the first release

This PR is the workflow definition only. Before a tag push will succeed, two pieces of out-of-repo configuration must be in place — see the general comment on this PR for context:

  1. Create the release GitHub Environment in repo Settings → Environments. Optionally add required reviewers for a manual approval gate on the publish step.
  2. Add a Trusted Publisher entry at https://crates.io/crates/arcjet-gravity/settings with: owner arcjet, repo gravity, workflow release.yml, environment release. Adding this requires user-level ownership on the crate, which is currently blocked on a help@crates.io ticket (the only existing user owner left the company).

Test plan

  • Verify workflow YAML is valid (CI will check this)
  • Review RELEASE.md for accuracy and completeness
  • After the crates.io ownership / Trusted Publisher setup is sorted, test by tagging v0.0.3 (the version already on main) and pushing the tag

🤖 Generated with Claude Code

arcjet-rei and others added 2 commits March 12, 2026 08:44
Configures Renovate to manage Cargo and GitHub Actions dependencies
with dashboard approval, 7-day minimum release age, and automerge
for patches and dev dependencies.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@arcjet-rei arcjet-rei requested a review from a team as a code owner March 12, 2026 21:19
Comment thread .github/workflows/release.yml
- Replace CARGO_REGISTRY_TOKEN secret with rust-lang/crates-io-auth-action,
  which exchanges a GitHub OIDC token for a short-lived crates.io token
- Wrap the publish job in a `release` GitHub Environment so the secret /
  approval policy can be configured per-environment, matching the pattern
  used by arcjet-py and arcjet-js
- Tighten top-level permissions to `contents: read` and grant
  `contents: write` only to the github-release job that needs it
- Add `id-token: write` on the publish job for OIDC
- Allow token.actions.githubusercontent.com:443 in the publish job's
  hardened egress list (needed for the OIDC token exchange)
- Bump pinned action SHAs to match what is on main
- Update RELEASE.md prerequisites and troubleshooting to describe the
  Trusted Publisher + environment setup instead of token-based publishing

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@arcjet-rei
Contributor Author

crates.io-side setup needed before this can ship

The workflow is now wired for Trusted Publishing, but the crates.io side has to be configured separately before a tag push will succeed. Currently blocked because crates.io is not recognising my arcjet/rust-team membership as granting owner access on arcjet-gravity (org OAuth approval, scopes, team slug, and full re-auth all check out — opening a help@crates.io ticket).

Current crate ownership on crates.io:

  • User owner: blaine-arcjet — left the company, unreachable
  • Team owner: github:arcjet:rust-team

emoran published the existing 0.0.1 and 0.0.2 versions from his personal cargo credentials; those credentials are not in our shared store and he is also no longer at Arcjet.

What I've asked crates.io to do (will cc you on the email)

  1. Repair team-based ownership recognition for arcjet-gravity so members of arcjet/rust-team can act as owners.
  2. Remove the stale user owner blaine-arcjet.
  3. Add @davidmytton as a user owner of the crate (as Arcjet's founder, the durable user-level owner). User-level ownership is required to add/remove other owners — team membership alone doesn't grant that.

What needs to happen in this repo once crates.io access is restored

  1. Create the release GitHub Environment in repo Settings → Environments. Optionally add required reviewers for a manual approval gate on the publish step.
  2. Add the Trusted Publisher entry at https://crates.io/crates/arcjet-gravity/settings:
    • Repository owner: arcjet
    • Repository name: gravity
    • Workflow filename: release.yml
    • Environment: release
  3. Merge this PR.
  4. To cut 0.0.3: tag the existing bump version commit on main as v0.0.3 and push the tag.

No CARGO_REGISTRY_TOKEN secret is required anywhere — the workflow exchanges its OIDC token for a short-lived publishing token at runtime.

@arcjet-rei arcjet-rei requested a review from davidmytton April 30, 2026 05:30
@arcjet-rei
Contributor Author

Also, speaking as myself and not being puppeted by Claude, we should have at least one more member on the Rust team so that we can get workflow approvals from somebody other than the submitter.
