fix(wear): require release keystore for wear bundle signing

[c0d3rb4b4]

Motivation

• The Wear AAB uploaded to Play Console was rejected because it was signed with the wrong (debug) key instead of the expected release/upload key.
• The Wear module previously used the debug keystore for release builds which can cause accidental uploads signed with the wrong certificate.

Description

• Updated apps/mobile/android/wear/build.gradle to detect release tasks and require injected release signing properties (android.injected.signing.*).
• Added a release signing config that reads storeFile, storePassword, keyAlias, and keyPassword from Gradle-injected properties provided by EAS/CI.
• Switched the release build type to use signingConfigs.release instead of the debug keystore.
• Added a fail-fast GradleException with a clear message when a release build is requested but signing properties are missing.

Testing

• Ran ./gradlew :wear:assembleDebug from apps/mobile/android, which failed due to Permission denied for the wrapper in this environment.
• Ran bash ./gradlew :wear:assembleDebug from apps/mobile/android, which failed while downloading the Gradle distribution because the environment blocks external network/proxy access (HTTP/1.1 403 Forbidden).
• No further automated verification could be completed here due to the environment network/proxy and executable restrictions, but the change is limited to apps/mobile/android/wear/build.gradle and is designed to be verified by running a release build in EAS (or locally passing android.injected.signing.* properties) and confirming the AAB is signed with the expected upload key.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f6e4f65d67

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Limit release-signing guard to :wear release tasks

This check treats any Gradle task name containing release as a wear release build, so running unrelated commands like :app:assembleRelease will still throw [wear] Missing release signing config if wear signing props are absent. Because wear/build.gradle is evaluated during configuration, this can block non-wear release workflows that previously did not require wear credentials; the guard should be scoped to :wear release tasks (or task graph entries for the wear module) rather than global task names.

Useful? React with 👍 / 👎.