[codex] Remove duplicate release workflow

[jayscambler]

Summary

This removes the duplicate release.yml workflow and keeps the existing tag-driven publish.yml workflow as the only supported package publication path.

Why this change

We now have clear evidence that .github/workflows/publish.yml is the working trusted-publisher path for both PyPI and npm. It successfully published autoctx 0.2.1 from the v0.2.1 tag after release environment approval.

At the same time, .github/workflows/release.yml created a second, conflicting release path. It duplicated the publication surface, used a different auth model, and failed during the same release cycle. Keeping both workflows invites the exact confusion we just had: one workflow is the real trusted-publisher path, while the other looks authoritative but is not aligned with the established release configuration.

Root cause

We added a second manual release workflow instead of standardizing on the already-working tag-triggered publish workflow. That split the release process across two GitHub Actions definitions with different assumptions about authentication and operator behavior.

Fix

This PR:

• deletes .github/workflows/release.yml
• updates docs/release-checklist.md to explicitly treat .github/workflows/publish.yml as the only supported publish workflow
• makes the release checklist call out the tag-driven publish flow and release environment approval step

Validation

• reviewed origin/main workflow definitions directly
• confirmed publish.yml is the workflow that successfully published 0.2.1
• confirmed the duplicate release.yml path was the one that failed and caused operator confusion