ci(release): create GitHub Release via gh CLI

Replace softprops/action-gh-release with the preinstalled GitHub CLI so org action allowlists that only permit GitHub-owned actions still pass.

Author: AlbinoGeek

.github/workflows/release.yml

@@ -60,10 +60,11 @@ jobs:
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
-      - name: Upload release asset
-        uses: softprops/action-gh-release@v2
-        with:
-          files: ${{ steps.pack.outputs.tarball }}
-          generate_release_notes: true
+      - name: Create GitHub Release (official gh CLI, no third-party action)
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+          gh release create "${GITHUB_REF_NAME}" "${{ steps.pack.outputs.tarball }}" \
+            --verify-tag \
+            --generate-notes