Include container images and deployment artifacts in Apache release

[bobbai00]

Feature Summary

The current release process only produces a source tarball. Per Apache release policy, the release should contain everything a new user needs to get started, including deployment descriptors that reference auditable container images.

Following examples like Apache Flink Kubernetes Operator release model, the release should include signed binary artifacts alongside the source tarball.

Proposed Solution or Design

Add two binary release artifacts (GPG-signed + SHA512 checksummed) to the release candidate:

1. Docker Compose deployment bundle (apache-texera-VERSION-docker-compose.tar.gz)

   • Contains docker-compose.yml, .env (pinned to release version), nginx.conf, and sql/ init scripts
   • Self-contained: users extract and run docker compose up -d

2. Helm chart package (apache-texera-VERSION-helm.tgz)

   • Packaged via helm package with release version in Chart.yaml

Additionally:

• Parameterize image references in docker-compose.yml and Helm values.yaml using IMAGE_REGISTRY / IMAGE_TAG variables (defaults to ghcr.io/apache / latest in main branch; pinned to release version in artifacts)
• Update the build-and-push-images workflow to support both ghcr.io (via GITHUB_TOKEN) and Docker Hub
• Update the create-release-candidate workflow to produce and upload all three artifacts
• Update the vote email template to list container images and deployment verification checklist items

Release directory structure:

dist.apache.org/repos/dist/dev/incubator/texera/VERSION-RCN/
  apache-texera-VERSION-src.tar.gz          + .asc + .sha512
  apache-texera-VERSION-docker-compose.tar.gz + .asc + .sha512
  apache-texera-VERSION-helm.tgz            + .asc + .sha512

Container images are published to ghcr.io as convenience binaries, built from the voted-on source. The Dockerfiles in the source tarball enable audit and verification.