feat(platform): Add live USK catalog publishing

[leumor]

Summary

• Add explicit crypta-app publish-usk --live support for signed first-party catalog publication to a live Crypta USK while preserving deterministic --dry-run publication plans.
• Publish the catalog properties and sibling cryptad-app-catalog.signature through the localhost Platform API queue path with secure env/file secret inputs, public/private USK source correlation, no-proxy HTTP client behavior, retained staging sidecars, output preflight, and sanitized JSON/Markdown summaries.
• Extend app-catalog/app-update scheduler coverage, release-certification evidence, docs, and redaction checks for PR-238 live catalog publication and refresh discovery.

Test Plan

• ./gradlew spotlessApply
• ./gradlew :platform-devtools:test --tests '*PlatformApiLiveUskPublisherTest' --tests '*LiveUskPublicationServiceTest'
• ./gradlew :platform-devtools:test
• python3 tools/release-certification/app_platform_smoke.py --self-test
• python3 tools/release-certification/release_certification.py --self-test

Additional Verification

• python3 tools/release-certification/app_platform_smoke.py --mode release-candidate --out-dir build/app-platform-smoke-review-fix was run to inspect the generated live catalog refresh evidence. The live refresh evidence passed and preserved boolean check values; the overall local release-candidate smoke failed because signing/reviewer inputs were not configured (app-platform.signed-bundles, catalog.smoke, and app-review.first-party-catalog).

Notes

• Live-node insertion smoke was not run; no localhost Crypta node credentials or publication insert URI were configured for this environment.
• Generated evidence was reviewed to keep private insert URIs, form passwords, tokens, raw bodies, and absolute staging paths out of release artifacts.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 97a727dde8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dba63c5088

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 194c1d6a64

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[sonarqubecloud]

Quality Gate failed

Failed conditions
75.6% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud