docs: sync deploy.md with current release workflow

[dormouse-bot]

Nightly survey found docs/specs/deploy.md had drifted from the actual .github/workflows/release.yml after the security-audit job was added and the old publish workflow was removed.

Changes

• Document the security-audit job. release.yml now runs build-standalone, build-vscode, and security-audit in parallel, and publish-vscode is gated on all three (release.yml:228-233). The spec described only three jobs and omitted security-audit entirely. Added a ### Job: security-audit subsection and corrected the Stage 1 intro.
• Fix publish-vscode dependency. Spec said it "runs after build-vscode succeeds"; it actually needs build-standalone, build-vscode, and security-audit.
• Remove the stale migration note. It said the old .github/workflows/publish-vscode.yml "should be deleted when the unified release workflow is created" — that file no longer exists and release.yml is in place, so the migration is complete.
• Clarify the NSIS patching step. The spec named only the ADDITIONALPLUGINSPATH/OUTFILE patches; sign-and-deploy.sh:294 first rewrites the ~60 absolute CI-runner paths in the .nsi via scripts/patch-nsis-paths.pl. Added that step since the spec aims to track the scripts it references.

No test added: documentation-only change.

[cloudflare-workers-and-pages]

Deploying mouseterm with    Cloudflare Pages

Latest commit:	fadca9a
Status:	✅  Deploy successful!
Preview URL:	https://29204cbb.mouseterm.pages.dev
Branch Preview URL:	https://docs-deploy-release-sync.mouseterm.pages.dev

View logs