fix(release): mark workspace safe for git in manylinux containers

Inside quay.io/pypa/manylinux_2_28_* the workspace is owned by the
runner's UID but the container runs as root, so git refuses to read it
("dubious ownership"). That crashes setuptools-scm version resolution
during pip install -e . and breaks the linux-amd64 / linux-arm64 builds.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Signed-off-by: Sodawyx <sodawyx@126.com>

Author: Sodawyx

.github/workflows/release.yml

@@ -108,6 +108,14 @@ jobs:
           ref: ${{ needs.verify-version.outputs.tag }}
           fetch-depth: 0  # setuptools-scm needs full history + tags
 
+      # Inside the manylinux container the workspace is owned by a different
+      # UID than root, so git refuses to read it ("dubious ownership") and
+      # setuptools-scm version resolution fails during pip install.
+      - name: Mark workspace as safe for git (container)
+        if: matrix.container != ''
+        shell: bash
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
       # manylinux images ship multiple Pythons under /opt/python; expose one.
       - name: Configure Python (manylinux container)
         if: matrix.container != ''