Automate pypi publishing (#4239)
<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Medium Risk**
> Introduces a new automated publishing workflow and modifies
dependency-install semantics in CI/Docker, which could cause release or
build failures if credentials, tags, or lockfile expectations are
misconfigured.
>
> **Overview**
> Adds an automated release pipeline: a new `release.yml` workflow
triggers on published GitHub releases, validates the tag matches
`unstructured.__version__`, builds via `uv build`, publishes to PyPI
using trusted publishing, and *best-effort* uploads the same artifacts
to Azure Artifacts via `twine`.
>
> Across CI, Docker, and Make targets, replaces `uv sync --frozen` with
`uv sync --locked` and adds `uv run --no-sync` where `uv sync` already
ran to avoid implicit re-syncing; introduces a new `release` dependency
group (adds `twine`), bumps version to `0.20.2`, and updates `uv.lock`
accordingly.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
c9555c9a327b0045663f2d1758f2932a4f9c7039. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
