Try and simplify publishing setup

[lihaoyi]

This PR attempts to in-source most of the convenience provided by https://github.com/ckipp01/mill-ci-release into Mill proper. The boilerplate necessary to call publishAll on mac laptops or linux github actions environments was trivial and straightforward, so we just try to automate it:

1. Prefix all environment variables with MILL_: MILL_SONATYPE_USERNAME, MILL_SONATYPE_PASSWORD, MILL_PGP_SECRET_BASE64, MILL_PGP_PASSPHRASE to try and add some rudimentary ownership and namespacing

2. Auto-detect and import MILL_PGP_SECRET_BASE64, and auto-detect MILL_PGP_PASSPHRASE and include it in the default GPG arguments. MILL_SONATYPE_USERNAME and MILL_SONATYPE_PASSWORD were already auto-detected

3. Flesh out the defaultGpgArgs to allow the optional passphrase to be passed in, and include all the flags that Mill uses in its own CI publishing job

4. Set the defaults for readTimeout, awaitTimeout, stagingRelease, publishArtifacts to match the common convention

5. Set release = true by default

Updated the ci/release-maven.sh script to publish using a bootstrap version of Mill, so once this is merged I can immediately test it without needing to go through a rebootstrapping process. The current behavior when passing in flags explicitly should be unchanged, this just acts a lot more aggressively at setting defaults

[lihaoyi]

@ckipp01 as the author of mill-ci-release would love to have your review on this if possible

[lihaoyi]

Thanks @ckipp01! Will take that into account. @lefou this isn't a literal in-sourcing, most of the config defaults are taken from Mill's own build

[lefou]

Checking validation rules should not be hardcoded into publish IMHO. Each remote reporsitory can implement different rules, local publishing typically has non, so the best would be to have some new convenient check* target with some preset for Sonatype OSS Repositoy Hosting. We could create a predefined map from repo URL to Ruleset to configure which checks we should run.