ci: publish codex-app-server release artifacts

[bolinfest]

Why

The VS Code extension and desktop app do not need the full TUI binary, and codex-app-server is materially smaller than standalone codex. We still want to publish it as an official release artifact, but building it by tacking another --bin onto the existing release cargo build invocations would lengthen those jobs.

This change keeps codex-app-server on its own release bundle so it can build in parallel with the existing codex and helper bundles.

What changed

• Made .github/workflows/rust-release.yml bundle-aware so each macOS and Linux MUSL target now builds either the existing primary bundle (codex and codex-responses-api-proxy) or a standalone app-server bundle (codex-app-server).
• Preserved the historical artifact names for the primary macOS/Linux bundles so scripts/stage_npm_packages.py and codex-cli/scripts/install_native_deps.py continue to find release assets under the paths they already expect, while giving the new app-server artifacts distinct names.
• Added a matching app-server bundle to .github/workflows/rust-release-windows.yml, and updated the final Windows packaging job to download, sign, stage, and archive codex-app-server.exe alongside the existing release binaries.
• Generalized the shared signing actions in .github/actions/linux-code-sign/action.yml, .github/actions/macos-code-sign/action.yml, and .github/actions/windows-code-sign/action.yml so each workflow row declares its binaries once and reuses that list for build, signing, and staging.
• Added codex-app-server to .github/dotslash-config.json so releases also publish a generated DotSlash manifest for the standalone app-server binary.
• Kept the macOS DMG focused on the existing primary bundle; codex-app-server ships as the regular standalone archives and DotSlash manifest.

Verification

• Parsed the modified workflow and action YAML files locally with python3 + yaml.safe_load(...).
• Parsed .github/dotslash-config.json locally with python3 + json.loads(...).
• Reviewed the resulting release matrices, artifact names, and packaging paths to confirm that codex-app-server is built separately on macOS, Linux MUSL, and Windows, while the existing npm staging and Windows codex zip bundling contracts remain intact.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2e5744dd4a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".