Cardano Updates

Signed-off-by: Yurii Shynbuiev <[email protected]>
Co-authored-by: mix irving <[email protected]>
Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>

- Use Text.unlines in prettyRelevanceArray and forHuman ContextDump
- Rename JSON keys eventsPerSecond and catchUpRatio to camelCase
- Simplify printArray to build a single Text value
- Use maybe [] Map.toList instead of Map.toList . fromMaybe Map.empty

Closes #5281.

Three related fixes to the release pipeline, each in its own commit.

## 1. `chore(release): trim signatures template to current maintainers`

`scripts/release/release-template.md` shipped a 6-row signature table.
The
only currently-active wallet maintainers signing releases are Paolo
Veronelli (@paolino) and Pawel Jakubas (@paweljakubas). Removed the
other
rows so the templated release body no longer needs hand-editing for the
signature section.

## 2. `ci: pin Windows runners to windows-2025-vs2026`

Windows jobs emit a deprecation notice on `windows-latest`:

```
NOTICE: windows-2025 requests are being redirected to windows-2025-vs2026 by May 12, 2026
```

Pinned the four Windows job sites to the new explicit label:
- `.github/workflows/release.yml` (release e2e-windows)
- `.github/workflows/verify-release.yml` (verify-windows)
- `.github/workflows/windows-e2e.yml` (e2e-tests)
- `.github/workflows/windows.yml` (unit-tests)

`windows-2025-vs2026` is GA on GitHub-hosted runners (per
`actions/runner-images#14016`, May 7, 2026). `actionlint` does not yet
know the label; the warning it prints is a tooling lag, not a real
problem.

## 3. `fix(release): require manual publish for real releases`

This addresses two distinct bugs that share the same root cause: the
pipeline publishes too eagerly.

### Bug A — releases auto-undrafted before notes are reviewed

The `publish-release` job called `gh release edit --draft=false`
automatically once `verify-assets` passed. That published
v2026-05-11 as a prerelease with the raw template body — Docker link
placeholder still saying `FIX THIS LINK BY INSPECTING DOCKERHUB !`,
`Fixed/Added/Changed/Removed` sections empty, defunct signers
listed. Notes had to be rewritten in place after the release was
already public.

### Bug B — `releases/latest` API followed `nightly`

```
$ gh api repos/cardano-foundation/cardano-wallet/releases/latest --jq .tag_name
nightly
```

`nightly` is published as a non-prerelease, non-draft release. With
the default `make_latest=legacy` rule, GitHub picks the most recently
published non-prerelease release as Latest — which is `nightly`
every morning, until the next real release. So the "Latest" pointer
on the repo silently followed nightly builds.

### Fixes

`release.yml`:

- `create-release`: `gh release create` now passes `--prerelease` when
`IS_RELEASE != 'true'`. Nightly/test stop overtaking semver releases as
  GitHub's "Latest".
- `publish-release`: auto-un-drafts only nightly/test. For real
  releases it logs a notice ("Edit notes and click Publish in the UI")
  and leaves the draft in place. The maintainer reviews + publishes
  manually.
- `push-docker`: skipped on the release path. Tags renamed to
  reflect it now only handles nightly/test. The `latest` tag push is
  removed (it was already conditional on `IS_RELEASE`, which is now
  always false here).
- `update-docs`: removed from `release.yml`.

New `.github/workflows/publish-release.yml`:

- Triggered on `release.published` (filter:
`!github.event.release.prerelease`).
- `push-docker`: downloads the `cardano-wallet-<tag>-docker-image.tgz`
asset from the release, pushes `cardanofoundation/cardano-wallet:<tag>`
  and `:latest`.
- `update-docs`: checks out `gh-pages`, runs
  `releases/make_redirects.sh "<tag>"`, pushes.

### Flow after this PR

- **Nightly cron**: same UX as before — workflow runs end-to-end,
  release un-drafts as a prerelease, docker `nightly` tag pushed. No
  human action needed. GitHub "Latest" pointer no longer changes.
- **Real release**: workflow builds, verifies, uploads assets to a
  draft. Stops there. Maintainer edits the release notes, then
  clicks "Publish release" in the GitHub UI. That fires
  `release.published`, which runs `publish-release.yml` to push the
  docker image (`<tag>` and `latest`) and update gh-pages redirects.

## Test plan

- [ ] Nightly cron run: release is created as draft prerelease,
un-drafted
by publish-release, `releases/latest` still points to the most recent
      semver release.
- [ ] Manual release run: draft is created, publish-release logs the
notice URL, draft stays as draft, docker is NOT pushed yet, gh-pages
      not updated.
- [ ] Click "Publish release" in the UI: `publish-release.yml` runs,
      docker `<tag>` and `:latest` pushed to Docker Hub, gh-pages
      redirects added.
- [ ] Windows jobs no longer emit the `windows-2025 -> vs2026` redirect
      notice.
- [ ] Templated release body's signature table contains only Paolo and
      Pawel.

Adds a short pointer in docs/README.md explaining that
docs/docusaurus is built as part of the hyperledger-identus/docs
repository, where the over-arching configuration lives and
loads these docs in as a git submodule.

Supersedes #1446 (which became stale and conflicted on main);
also fixes a typo ("heald" -> "held") and refreshes the link to
the current hyperledger-identus/docs repo.

Co-Authored-By: mix irving <[email protected]>
Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
Signed-off-by: Yurii Shynbuiev <[email protected]>