Use Azure artifact signing environment secrets

[shijie-oai]

Why

Windows release signing should read Azure signing credentials from the azure-artifact-signing environment instead of the old repo-level AZURE_TRUSTED_SIGNING_* names. The smoke runs confirmed the environment secrets resolve with the new AZURE_ARTIFACT_SIGNING_* names once the Windows signing job is attached to that environment.

What Changed

• Put the real Windows signing job in the azure-artifact-signing environment.
• Switch the Windows signing action inputs from AZURE_TRUSTED_SIGNING_* to AZURE_ARTIFACT_SIGNING_*.
• Drop the obsolete workflow_call.secrets declarations for the old repo-level secret names; the caller continues to use secrets: inherit.
• Remove the temporary branch-trigger and Windows-only smoke-test workflow changes before finalizing this PR.

Validation

• git diff --check -- .github/workflows/rust-release.yml .github/workflows/rust-release-windows.yml
• ruby -e 'require "yaml"; ARGV.each { |f| YAML.load_file(f); puts "yaml ok: #{f}" }' .github/workflows/rust-release.yml .github/workflows/rust-release-windows.yml

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f5bfe79594

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".