CI: split 'build' into 'test' and 'deploy' workflows

[mwtoews]

Split the CI workflows into two logical components:

1. test: keeps multi-platform/mulit-sdix combination checks with conda, and checks ubuntu. This workflow has a cron schedule, running automatically once a week.
2. deploy: builds wheels (via cibuildwheel) and sdist, publishes to PyPI based on this example which contains a few fixes for recent upload/download actions with multiple targets.

[mwtoews]

Not surprisingly, the deploy workflow did not work on publish:

Notice: Attempting to perform trusted publishing exchange to retrieve a temporary short-lived API token for authentication against https://upload.pypi.org/legacy/ due to token username with no supplied password field Error: Trusted publishing exchange failure: Token request failed: the server refused the request for the following reasons:

• invalid-publisher: valid token, but no corresponding publisher (All lookup strategies exhausted)

This generally indicates a trusted publisher configuration error, but could also indicate an internal error on GitHub or PyPI's part.

most likely this needs to be restored (for next release):

          user: __token__
          password: ${{ secrets.pypi_token }}

Also I don't have permissions on PyPI to manually upload the artefacts:

ERROR HTTPError: 403 Forbidden from https://upload.pypi.org/legacy/
The user 'mwtoews' isn't allowed to upload to project 'Rtree'.

@hobu could you provide the permissions? Then I'll simply use twine upload manually this round.