How we built a secure, auditable, and low-friction release system at Sentry that is resistant to supply-chain attacks like Shai-Hulud