Add a "release-gate" step to the release workflow (#24365)
Mirrors https://github.com/astral-sh/uv/pull/18804
You can see the environment policies I'll apply following merge at
https://github.com/astral-sh/github-policies/tree/main/environments
Also updates the Docker workflow to avoid using release secrets when not
pushing.
