Use code-sign secrets from a GitHub environment (#18295)
Instead of generating test secrets in the workflow itself as was done in
https://github.com/astral-sh/uv/pull/18280 for testing.
This includes a script to generate self-signed certificates and adds
them to the `release-test` environment. We'll populate the real secrets
in the `release` environment. We may want a dedicated environment for
code-signing secrets? We also may want to sign with the real secrets on
`main` or similar.
