Cardano Updates

Reverting to the gradle publish task would run without credentials:
6c8640f removed NPM_TOKEN from the workflow env, and the petuska
plugin's bundled npm is not the OIDC-capable CLI. The assembleJsPackage
dependency on npmBip32Wasm already makes the staged directory complete
for the npm CLI path, and the smoke test guards the tarball contents.

Co-Authored-By: Claude Opus 4.8 <[email protected]>
Signed-off-by: Pat Losoponkul <[email protected]>

Signed-off-by: Pat Losoponkul <[email protected]>

Signed-off-by: Hyperledger Bot <[email protected]>

Signed-off-by: Yurii Shynbuiev <[email protected]>

Signed-off-by: Yurii Shynbuiev <[email protected]>

The signing credential check only looked for signing.keyId property and
GPG_KEY_ID env var, missing the in-memory signing properties used by CI
(signingInMemoryKey / ORG_GRADLE_PROJECT_signingInMemoryKey). This caused
unsigned artifacts to be uploaded to Maven Central, which silently rejects
them during validation.

Co-Authored-By: Claude Opus 4.6 <[email protected]>
Signed-off-by: Yurii Shynbuiev <[email protected]>