ci: improve security by using GHA environments

[dunglas]

No description provided.

[Copilot]

Pull request overview

This PR improves CI security by moving sensitive workflow jobs onto GitHub Actions Environments, enabling environment-scoped secrets/variables and (optionally) environment protection rules for deployment/publishing paths.

Changes:

• Assigns a translate environment to the docs translation workflow job.
• Assigns a website environment to the docs deployment workflow job.
• Assigns a dockerhub environment to Docker image build/push jobs and switches DockerHub auth to vars.DOCKERHUB_USERNAME + secrets.DOCKERHUB_TOKEN.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
.github/workflows/translate.yaml	Runs translation job in the translate environment.
.github/workflows/static.yaml	Runs Docker publish-related jobs in the dockerhub environment and updates DockerHub credentials sources.
.github/workflows/docs.yaml	Runs website deployment trigger in the website environment.
.github/workflows/docker.yaml	Runs Docker build/push jobs in the dockerhub environment and updates DockerHub credentials sources.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[henderkes]

I can't actually see how the environments are defined, but CI is green, so good in my book.

[dunglas]

They are defined in GitHub settings.

[henderkes]

They are defined in GitHub settings.

I know, no permissions to read. But I think even if I did they'd be hidden.