fix(release): harden fleet publish gates

[JSONbored]

Summary

• hardens aio-fleet release and publish tag integrity checks
• disables recursive submodule checkout for pull_request targets even when a repo enables submodules for main
• restores authenticated dashboard safety gh calls after the dashboard token env rename

What changed

• release package tags now allow post-release changelog-format commits only when the final diff is exactly CHANGELOG.md
• release publishing uses the same changed-file guard before targeting a formatted follow-up commit
• poll/manual app checkout expressions reject recursive submodules for pull_request events
• safety.py now maps dashboard/upstream/check/app tokens into GH_TOKEN for its direct gh calls and strips alternate token env names from the child process
• regression tests cover forged runtime changes, PR submodule denial, and dashboard safety gh authentication

Why

• closes the remaining supply-chain boundary issues around forged release subjects, privileged PR submodule checkout, and unauthenticated dashboard safety reads

Validation

• .venv/bin/python -m pytest -q
• .venv/bin/python -m pytest tests/test_safety.py tests/test_fleet_dashboard.py -q
• .venv/bin/python -m pytest tests/test_registry.py tests/test_release.py tests/test_poll.py tests/test_control_plane_workflow.py -q
• .venv/bin/python -m aio_fleet.cli validate-repo --repo mem0-aio --repo-path /Users/shadowbook/Documents/mem0-aio
• .venv/bin/python -m aio_fleet.cli validate-repo --repo dify-aio --repo-path /Users/shadowbook/Documents/dify-aio
• .venv/bin/python -m aio_fleet.cli validate-repo --repo unraid-aio-template --repo-path /Users/shadowbook/Documents/unraid-aio-template

Notes

• Docker Hub public template cleanup was handled operationally outside this PR; future template-profile publishes remain blocked by existing aio-fleet policy.