chore: harden CLV release workflow

[CroaBeast]

Summary

• track local CLV build libraries required by Gradle
• add GitHub Actions workflow to build and upload CLV artifacts
• add release workflow to generate prereleases and release notes from version commits
• harden CLV release artifact lookup
• improve release tag detection before recreating prereleases
• make version bump commit lookup more reliable during release note generation

Commits

• chore: track CLV build libraries
• chore: add CLV build and release workflows
• chore: harden CLV release workflow

[review-me-code]

Pull request overview

Adds CI/CD workflows for building and releasing CyberLevels. The build workflow compiles with Gradle and uploads artifacts, while the release workflow creates prereleases with auto-generated notes. Also tracks local build dependencies in git.

Changes:

• build.yml: New workflow triggered on push/PR to master, builds with Gradle 21, uploads versioned JAR artifact
• release.yml: New workflow triggered after successful builds, downloads artifacts, generates release notes from git history and GitHub API, creates prerelease
• gitignore: Adds exceptions for libraries/*.jar to track local build dependencies
• libraries/: Adds 3 JAR files (CyberCore, RivalHarvesterHoesAPI, RivalPickaxesAPI) as tracked dependencies

Reviewed changes

• Medium - Potential race condition with concurrent releases
  The concurrency group cyberlevels-release-${{ github.event.workflow_run.head_branch }} with cancel-in-progress: false allows multiple runs for the same branch to queue up. If there are multiple pushes to master in quick succession, you could end up with multiple release workflows running for different build runs, potentially creating conflicting releases. Consider using workflow_run ID in the concurrency group instead of branch name, or add logic to skip older queued runs.
• Low - Hardcoded version bump commit pattern
  Line 86 looks for chore: bump version to $VERSION to determine the changelog range. If version bumps use different formats or are missed, the fallback to previous release tags is solid, but this could be fragile in repos with inconsistent commit messages.
• Low - No verification of artifact integrity
  The release workflow downloads and uses the JAR without verifying checksums or signatures. For production releases, consider adding checksum verification or GPG signing.

Reviewed 6 changed files in this pull request and generated no inline comments.

---

Generated by pull_request.opened.

[Klema4]

Pls pls pls

[Klema4]

It's cool