Add GitHub Actions based release automation #1400

Merged
merged 5 commits into from
Jun 14, 2024

alcaeus
Member

@alcaeus alcaeus commented May 24, 2024

This PR adds a GitHub Actions Workflow to create releases. The process is as follows:

  • Users with write access trigger a new workflow run for the "Release new version" workflow, entering the version to be released
  • The automation does some sanity checks on the branch name:
    ◦ Release <major>.<minor>.0 must be released from the maintenance branch (i.e. <major>.<minor>.x) or the master branch. If the master branch is selected, the automation will attempt to create a new maintenance branch
    ◦ Release <major>.<minor>.<patch> must be released from the maintenance branch (i.e. <major>.<minor>.x) - releasing from any other branches is not allowed
  • The automation then updates the build version to <major>.<minor>.<patch> in build.gradle, commits this change and creates a tag
  • After tagging, the version in build.gradle is updated to <major>.<minor>.<patch+1>-SNAPSHOT and again committed
  • The maintenance branch and tag are pushed to the repository
  • A draft release with generated release notes is created

I've tested the flow in my fork where I've confirmed it works. However, a couple of changes may be appropriate still:

  • The automation currently uses the GitHub token of the user triggering the release. Since commits are being pushed directly, branch protection rules may interfere with the release process. In this case, we should add the mongodb-dbx-release-bot app to the repository and generate a token for the app. We can then allow the app to bypass branch protections
  • If not all users with write access should have permission to create releases, we can set up an environment in GitHub settings and require that an authorised user approves the workflow run
  • The release commits and tag are not signed; this could be added using the git-sign action
  • Other release requirements related to the SSDLC effort (e.g. generating a SAST report, uploading SBOM, etc.) are not added yet and can be integrated based on the shared driver's GitHub Actions once they are ready.

Any additional build tasks (e.g. creating a package to upload to a package manager) can be done in a separate workflow that runs when a tag is pushed.

JAVA-5479

@alcaeus alcaeus requested review from rozza and jyemin May 24, 2024 07:54
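
The branch and version rules from the PR description above, sketched as POSIX shell. This is an added example, not the workflow code from this PR; the function names (`parse_version`, `check_release`, `next_snapshot`), the output strings and the rejection of leading zeros are assumptions made here.

```shell
# Added illustration; names and messages are assumptions, not the PR's workflow code.

# parse_version VERSION: sets $major, $minor, $patch (globals, POSIX sh has no 'local').
# Accepts only strictly numeric <major>.<minor>.<patch>, so a workflow input
# containing shell or git metacharacters is rejected before it is used anywhere.
parse_version() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # only digits and dots, no empty component
    0[0-9]*|*.0[0-9]*) return 1 ;;        # no leading zeros (avoids octal arithmetic)
    *.*.*.*) return 1 ;;                  # more than three components
    *.*.*) ;;                             # exactly three components
    *) return 1 ;;
  esac
  major="${1%%.*}"
  rest="${1#*.}"
  minor="${rest%%.*}"
  patch="${rest#*.}"
}

# check_release VERSION BRANCH
# Prints "ok" when releasing from the matching maintenance branch, or
# "create-branch <major>.<minor>.x" for a .0 release started from master.
# Any other combination prints a reason to stderr and returns 1.
check_release() {
  parse_version "$1" || { echo "invalid version: $1" >&2; return 1; }
  maintenance="${major}.${minor}.x"
  if [ "$2" = "$maintenance" ]; then
    echo "ok"
  elif [ "$patch" = "0" ] && [ "$2" = "master" ]; then
    echo "create-branch ${maintenance}"
  else
    echo "release $1 is not allowed from branch $2" >&2
    return 1
  fi
}

# next_snapshot VERSION: the <major>.<minor>.<patch+1>-SNAPSHOT string that is
# written back to build.gradle after tagging.
next_snapshot() {
  parse_version "$1" || return 1
  echo "${major}.${minor}.$((patch + 1))-SNAPSHOT"
}
```
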

env:
GH_TOKEN: ${{ github.token }}
# TODO: Adding the mongodb-dbx-release-automation app to the repository will allow fetching a one-time token and pushing
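Review bot: `GH_TOKEN: ${{ github.token }}` in this `env:` block hands the release steps the workflow's default token, and the TODO directly below it leaves the switch to an app-issued one-time token open. The PR description already says direct pushes may be stopped by branch protection, so resolve the TODO before this goes in, or reference a tracking ticket in the comment. If the job does not already declare one, an explicit `permissions:` block limited to `contents: write` would keep the default token's scope to what pushing commits, tags and a draft release needs.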
Collaborator

This seems like a necessary thing to enable in the initial version, as we do have branch protection rules enabled.

Member Author

Correct. In that case, you should follow these instructions (internal link) to request the mongodb-dbx-release-bot application to be added to all relevant repositories.

Collaborator

Requested

Member

🍿 Is this the last blocker?

Member Author

It is - just waiting for our IT to enable the app here, then we're good to go :)

@jyemin
Collaborator

jyemin commented Jun 3, 2024

Is there anything that blocks taking this out of Draft?

@alcaeus alcaeus force-pushed the release-automation branch from 093940e to b87eaa1 Compare June 4, 2024 07:11
@alcaeus alcaeus marked this pull request as ready for review June 4, 2024 07:11
@alcaeus
Member Author

alcaeus commented Jun 4, 2024

Is there anything that blocks taking this out of Draft?

Not really. I've rebased on top of master and added the release environment, which allows us to better protect the necessary credentials and also allows for adding additional checks (such as directly restricting which branches can be released).
Once the app has been added to the repository, we're good to start testing.

@alcaeus alcaeus force-pushed the release-automation branch from 40f11da to 638c1d8 Compare June 14, 2024 06:41
@alcaeus alcaeus requested a review from jyemin June 14, 2024 06:43
Collaborator

@jyemin jyemin left a comment

LGTM. Thank you!

@jyemin jyemin merged commit b8170a3 into mongodb:master Jun 14, 2024
56 of 59 checks passed
@jyemin jyemin changed the title JAVA-5479: Add GitHub Actions based release automation Add GitHub Actions based release automation Jun 14, 2024
@alcaeus alcaeus deleted the release-automation branch June 20, 2024 11:29
jyemin pushed a commit to jyemin/mongo-java-driver that referenced this pull request Sep 4, 2024