fix: run verify-assets, publish-release, push-docker on nightly (#5269)
## Summary
Follow-up to #5261 / #5262 / #5263. The nightly run at
https://github.com/cardano-foundation/cardano-wallet/actions/runs/24722289961
revealed two remaining issues:
1. **Default `success()` filter poisons the downstream chain.** When
`e2e-linux` / `e2e-windows` are skipped on nightly, the default
success() filter on jobs without an explicit `if:` treats the transitive
skip as non-success and skips them too. `verify-assets`,
`publish-release`, `push-docker` and `update-docs` were all skipped on
the nightly run even though `create-release` succeeded. (`push-docker`
has actually been skipped on every prior nightly for the same reason —
pre-existing.)
2. **Nightly asset filenames embed the release-version (date), not the
tag.** `gh release upload file#label` only sets the display label; the
real asset name stays as the source filename. So on nightly,
`cardano-wallet-v2026-04-21-linux64.tar.gz` is the real asset and
`cardano-wallet-nightly-linux64.tar.gz` is only a label. The new
`verify-release.yml` was downloading by
`cardano-wallet-\${TAG}-linux64.tar.gz` which would not match for
nightly.
## Changes
- `release.yml` — add `if: \${{ !cancelled() && needs.<upstream>.result
== 'success' }}` to `verify-assets`, `publish-release`, `push-docker`,
`update-docs`.
- `verify-release.yml` — linux/macos/windows download patterns use
`\$EXPECTED` (release-version) instead of `\$TAG`. Docker stays on
`\$TAG` since the docker asset is renamed by tag at upload time.
## Test plan
- [ ] Dispatch `release.yml` nightly against this branch
- [ ] Verify the four post-create-release jobs actually run
- [ ] Nightly release un-drafts after `publish-release`
- [ ] Docker image pushed to Docker Hub under `nightly` tag