Add PyPI publish CD (release-labelled PR -> build & upload)

[poissoncorp]

What

Adds a two-stage, PR-gated CD pipeline that publishes ravendb (the Python client) to PyPI via GitHub Actions.

• prepare-release.yml (manual): run from the Actions tab with a version input. Bumps both version= in setup.py and RequestExecutor.CLIENT_VERSION in ravendb/http/request_executor.py (matching how releases are bumped today), then opens a PR labelled release.
  • setup.py gets the full PEP 440 version (incl. any .postN/.devN/rcN suffix); CLIENT_VERSION gets the clean release number only — e.g. a 7.2.1.post1 hotfix keeps CLIENT_VERSION = "7.2.1", exactly as in commit 80e29f9.
• publish.yml: when a PR carrying the release label is merged, builds sdist+bdist_wheel, uploads to PyPI via twine using __token__, then creates the <version> git tag + GitHub release (matching the existing 7.2.x tag convention, no v prefix). Also runnable manually as a fallback.

How to release

1. Actions → "Prepare release PR" → Run workflow → enter e.g. 7.2.3.
2. Review the generated PR (both setup.py and request_executor.py should be bumped).
3. Merge it (keep the release label) → the package publishes automatically.

Remove the release label before merging to merge without publishing.

Required setup (one-time)

• Add repo secret PYPI_API_TOKEN — a project-scoped PyPI API token.
• Settings → Actions → General → Workflow permissions → enable "Allow GitHub Actions to create and approve pull requests".

Notes

• A human merge of the labelled PR triggers publish (the bot opening the PR with GITHUB_TOKEN does not auto-trigger).
• publish.yml evaluates on every closed PR but only proceeds for merged + release-labelled PRs.
• twine --skip-existing keeps re-runs idempotent.
• Existing RavenClient.yml (tests) is untouched.