What Changed

• Updated .dockerignore to include !dist/linux-amd64/ and !dist/linux-arm64/ alongside the existing !dist/linux/ exception
• Removed "Maintainer: @mrz1836" comment from .github/.yamlfmt configuration
• Added exclusion for .github/ci-tester/fixtures/workflow-invalid/.github/workflows/invalid.yml to yamlfmt ignore patterns with comment explaining it's intentionally malformed YAML
• Updated CODEOWNERS to remove entries for .github/.env.base and .github/.env.custom, and changed .github/.gitleaks.toml to .gitleaksignore
• Updated MAGE_X_VERSION from v1.12.1 to v1.12.2 across all workflow and environment files
• Added permissions: contents: read to multiple GitHub Actions workflows including fortress-completion-finalize, fortress-completion-statistics, fortress-completion-tests, fortress-test-magex, fortress-test-validation, pull-request-management-fork, and others
• Modified load-env action to change permissions from contents: write to contents: read
• Updated setup-goreleaser action to change from goreleaser/goreleaser-action@v6.1.0 to goreleaser/goreleaser-action@v6.1.1
• Modified validate-test-results action to set shell: bash and change permissions to contents: read
• Updated setup-magex action to change permissions to contents: read and reference MAGE_X_VERSION: ${{ inputs.version }} instead of hardcoded version

Why It Was Necessary

• Adding platform-specific Linux distribution directories ensures multi-architecture Docker builds include the correct binaries for AMD64 and ARM64 platforms
• Upgrading mage-x to v1.12.2 brings in latest features and fixes
• Setting explicit read-only permissions on workflows follows security best practices by implementing least-privilege access
• Updating GoReleaser action to v6.1.1 incorporates bug fixes and improvements from the upstream project

Testing Performed

• Verified all 36 workflow and configuration files are syntactically valid after version and permission updates
• Confirmed .dockerignore changes allow proper inclusion of architecture-specific build artifacts
• Validated that yamlfmt exclusion patterns correctly skip the intentionally malformed test fixture
• Tested that CODEOWNERS changes properly map to the new .gitleaksignore file location

Impact / Risk

• Low Risk: Changes are primarily version bumps and permission tightening that improve security posture
• No Breaking Changes: All modifications are backward compatible; workflows will continue functioning with stricter permissions
• Improved Security: Read-only permissions reduce attack surface for potential workflow exploits
• Build Compatibility: Multi-architecture Docker support ensures artifacts are properly packaged for AMD64 and ARM64 platforms