Commit e431e88

Replace artifact upload/download with cryptographic chain-of-custody verification
This commit integrates the new verified artifact actions from wamp-cicd to replace standard GitHub Actions artifact handling with cryptographically verified transfers that include automatic retry logic for GitHub storage eventual consistency issues.

Changes:

1. wheels-docker.yml (line 478-484):
   - Replaced upload-artifact@v4 with upload-artifact-verified
   - Changed from file patterns to directory path (wheelhouse/)
   - Automatic CHECKSUMS.sha256 and meta-checksum generation

2. wheels-arm64.yml (line 414-419):
   - Replaced upload-artifact@v4 with upload-artifact-verified
   - Changed from file patterns to directory path (wheelhouse/)
   - Automatic CHECKSUMS.sha256 and meta-checksum generation

3. release.yml (multiple locations):
   - Replaced download-artifact@v4 with download-artifact-verified for:
     * wheels-macos-arm64 (3 occurrences)
     * wheels-windows-x86_64 (3 occurrences)
     * source-distribution (3 occurrences)
     * linux-wheels-no-nvx (3 occurrences)
   - Removed 12 manual "Re-verify" steps (replaced by built-in verification)
   - Added max-attempts: 3 and retry-delay: 60 for all downloads
   - Preserved continue-on-error behavior for optional artifacts

Technical improvements:

- Two-level cryptographic verification:
  1. Meta-checksum verifies CHECKSUMS.sha256 integrity
  2. Individual file checksums verify each artifact file
- Automatic retry logic with delay handles GitHub Actions storage eventual consistency issues (artifacts marked "completed" before async writes finish)
- Filesystem sync before/after checksum generation ensures QEMU buffer flush
- Self-contained verification (checksum files travel with artifacts)
- Fail-safe design: only succeeds after complete verification

Note: Pattern-based downloads (artifacts-*, artifacts-arm64-*) still use standard download-artifact@v4 with merge-multiple because the verified action doesn't yet support pattern matching. These artifacts are protected at upload time by the verified upload actions in wheels-docker.yml and wheels-arm64.yml.

Related issues:

- Addresses artifact corruption detected in run 18516073936
- Implements solution discussed in issue #1714
1 parent b7efe81 commit e431e88
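
The two-level check and retry loop described in the commit message, as an added Python example (not code from this commit or from wamp-cicd). The meta-checksum file name `CHECKSUMS.sha256.meta`, the function names and the `fetch` callback are assumptions; the `max_attempts` and `retry_delay` defaults mirror the `max-attempts: 3` and `retry-delay: 60` values named above.

```python
import hashlib
import time
from pathlib import Path

CHECKSUMS = "CHECKSUMS.sha256"   # file name from the commit message
META = "CHECKSUMS.sha256.meta"   # assumed name for the meta-checksum file

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(directory):
    """Upload side: hash every file, then hash the manifest itself."""
    files = sorted(p for p in directory.rglob("*")
                   if p.is_file() and p.name not in (CHECKSUMS, META))
    body = "".join(f"{sha256_file(p)}  {p.relative_to(directory).as_posix()}\n"
                   for p in files)
    (directory / CHECKSUMS).write_text(body)
    (directory / META).write_text(sha256_file(directory / CHECKSUMS) + "\n")

def verify(directory):
    """Download side: return a list of problems; an empty list means verified."""
    manifest, meta = directory / CHECKSUMS, directory / META
    if not (manifest.is_file() and meta.is_file()):
        return ["checksum files missing"]
    # Level 1: the manifest must match the meta-checksum before it is used.
    if sha256_file(manifest) != meta.read_text().strip():
        return ["CHECKSUMS.sha256 does not match meta-checksum"]
    # Level 2: every listed file must exist and hash to the recorded value.
    problems = []
    for line in manifest.read_text().splitlines():
        digest, name = line.split("  ", 1)
        target = directory / name
        if not target.is_file():
            problems.append(f"missing: {name}")
        elif sha256_file(target) != digest:
            problems.append(f"mismatch: {name}")
    return problems

def verify_with_retry(fetch, directory, max_attempts=3, retry_delay=60, sleep=time.sleep):
    """Call fetch() to (re)download, then verify; succeed only after a clean verify."""
    for attempt in range(1, max_attempts + 1):
        fetch()
        if not verify(directory):
            return attempt
        if attempt < max_attempts:
            sleep(retry_delay)
    raise RuntimeError(f"verification failed after {max_attempts} attempts")
```

Because both checksum files travel with the artifact, this check detects corruption and incomplete writes; it does not authenticate the artifact against a party able to rewrite the files and both checksums together.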

3 files changed: +54 -499 lines changed