Fix/pypi versioning

[eschaar]

Summary

Hardens and completes the release/CI pipeline reliability:

• Adds serialized release execution to prevent concurrent tag/release races.
• Moves GitHub Release creation to run only after successful build + PyPI publish.
• Strengthens tag existence validation to check refs/tags/<version> explicitly.
• Adds a wheel smoke test (pip install dist/*.whl + vstack --help) before artifact upload.
• Adds concurrency controls to Commit, QA, Security, and Verify workflows to cancel superseded runs.
• Standardizes PR template location under .github/PULL_REQUEST_TEMPLATE/.
• Updates changelog and Copilot instructions to enforce PR-template-aligned, English, copy-paste Markdown PR responses.

Why

PyPI publishing and release automation needed stronger safety guarantees after versioning issues (0.0.0 artifacts) and potential race conditions.
This change ensures deterministic release behavior, reduces CI noise/cost from duplicate runs, and improves process consistency.

Version impact

• None
• Patch
• Minor
• Major

[Copilot]

Pull request overview

This PR hardens the GitHub Actions release/CI pipeline to reduce versioning errors and race conditions during publishing, and standardizes PR template usage within the repository’s .github/ structure.

Changes:

• Adds workflow concurrency controls across CI workflows and serializes the main release workflow to prevent overlapping runs.
• Refactors release.yml to validate tags more explicitly, run a wheel smoke test, publish to PyPI before creating the GitHub Release, and ensure full git history is available for version derivation.
• Moves the PR template to .github/PULL_REQUEST_TEMPLATE/ and updates Copilot instructions accordingly; updates CHANGELOG.md with the release notes.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
CHANGELOG.md	Documents the pipeline/versioning hardening in a new 1.3.4 entry.
.github/workflows/commit.yml	Cancels superseded commit checks per branch via concurrency.
.github/workflows/qa.yml	Cancels superseded QA runs per branch via concurrency.
.github/workflows/security.yml	Cancels superseded security runs for the same PR ref via concurrency.
.github/workflows/verify.yml	Cancels superseded verify runs for the same PR ref via concurrency.
.github/workflows/release.yml	Serializes releases; improves tag checks; ensures full history; adds dynamic-versioning activation + wheel smoke test; creates GitHub Release only after PyPI publish.
.github/pull_request_template.md	Removes the legacy single-template location.
.github/PULL_REQUEST_TEMPLATE/pull_request_template.md	Adds the standardized PR template under the directory-based location.
.github/copilot-instructions.md	Updates template path reference and adds PR response-format requirements.

Comments suppressed due to low confidence (1)

.github/workflows/release.yml:35

• The comment on this permissions block is now inaccurate: this job only creates/pushes the git tag (GitHub Release creation was moved to a separate job). Updating the comment will help keep least-privilege intent clear when revisiting workflow permissions.

    permissions:
      # Needed for creating tags and GitHub releases.
      contents: write