Strengthen release validation

[eric-tramel]

What

Strengthen ddp check-release <plugin_name> <tag_version> so release validation now checks the plugin package metadata, release ref contract, checked-in schema v2 catalog entries for the releasing package, release-safe source metadata, docs URL metadata, and per-plugin CODEOWNERS release ownership.

Why

A plugin release can currently pass with only version and basic PyPI metadata checks, leaving stale or incomplete catalog/plugins.json entries, path-based catalog sources, mismatched git refs, or email-only CODEOWNERS to fail later or ship incorrect tap metadata. This makes release validation catch those problems before build and publish.

Usage

make validate-release PLUGIN=data-designer-template
uv run ddp check-release data-designer-template 0.1.0

For release-eligible CODEOWNERS, per-plugin CODEOWNERS may still include GitHub users, GitHub teams, or emails, but a releasable package must include at least one GitHub owner such as:

* @NVIDIA-NeMo/data_designer_reviewers

Email-only ownership now fails ddp check-release with a message that asks for a GitHub @user or @org/team owner.

How

• Reuses existing ddp.catalog and ddp.tap_config helpers for PEP 440 versions, Python specifiers, direct data-designer dependency parsing, package paths, source object validation, docs slug generation, and release ref formatting.
• Validates checked-in schema v2 catalog entries for the releasing package against the package metadata, including entry point coverage for multi-entry packages, compatibility fields, pypi/git/path source release rules, and docs URL expectations.
• Adds shared CODEOWNERS parsing helpers plus a small ddp.release_owners module so publish CI authorization and local release validation use the same owner-token parsing path.
• Updates publish CI owner extraction to call the helper while preserving the existing direct-user and team-membership authorization behavior.

Validation

• make sync
• uv run pytest devtools/ddp/tests/test_validate_release.py -q
• uv run pytest devtools/ddp/tests/test_codeowners.py -q
• uv run pytest devtools/ddp/tests/ -q
• uv run ruff check devtools/ddp/src/ddp/validate_release.py devtools/ddp/src/ddp/codeowners.py devtools/ddp/src/ddp/release_owners.py devtools/ddp/tests/test_validate_release.py devtools/ddp/tests/test_codeowners.py
• uv run ruff format --check devtools/ddp/src/ddp/validate_release.py devtools/ddp/src/ddp/codeowners.py devtools/ddp/src/ddp/release_owners.py devtools/ddp/tests/test_validate_release.py devtools/ddp/tests/test_codeowners.py
• make validate-release PLUGIN=data-designer-template
• make check
• make lint
• make validate