Refactor RNW release pipelines to prepare via PRs instead of main-branch commits

[vmoroz]

Background

Today our release flow is split between two ADO pipelines:

• publish.yml runs on a schedule, uses Beachball to bump versions, generates .tgz packages, publishes them directly to npmjs.com, and creates NuGet packages.
• After that completes, release.yml pushes the NuGet packages to nuget.org.

Because publish.yml commits the version bumps straight to main, we have to keep rotating a PAT with force-push rights. This bypasses branch protection and is increasingly out of line with SDL expectations.

Proposal

Move the version bump and release prep into a scheduled pipeline that raises a release PR, and only build/publish artifacts once the PR merges:

1. Add prepare-release.yml (same cadence as today’s publish.yml):

   • Run beachball bump to update package versions/changelogs and commit them to a release_request/<date> branch.
   • Generate the release manifest and open/update a PR targeting main or the corresponding release branch.

2. When the PR merges, run the existing publish.yml:

   • Build the repo and create npm .tgz plus NuGet artifacts, but do not push to registries yet.

3. Finally, let release.yml publish those artifacts to npmjs.com and nuget.org.

This keeps all commits to main and other release branches going through protected PRs, removes our dependency on elevated PATs, and aligns the release flow with SDL guidance.