review: gate release signing on all signing inputs (alias + key password)

Per Greptile: canSign only checked the keystore file + store password, so if
ALIAS_NAME/ALIAS_PASS were absent while the others were present, Gradle would build a
signing config with null alias/password and fail at packaging with an opaque error.
Require all of keystore-exists + storePass + alias + keyPass non-blank before enabling
release signing; otherwise skip cleanly.

Author: hawkff

buildSrc/src/main/kotlin/Helpers.kt

@@ -124,7 +124,10 @@ fun Project.setupAppCommon() {
     // otherwise skip it so debug / PR / keyless builds don't fail. Empty-string env vars
     // (unset GitHub secrets expand to "") count as absent.
     val releaseKeystore = rootProject.file("release.keystore")
-    val canSign = !keystorePwd.isNullOrBlank() && releaseKeystore.exists()
+    val canSign = releaseKeystore.exists() &&
+        !keystorePwd.isNullOrBlank() &&
+        !alias.isNullOrBlank() &&
+        !pwd.isNullOrBlank()
 
     android.apply {
         if (canSign) {