Add Gitea Actions workflow that builds wraith.exe for Windows amd64,
signs it with an Azure Key Vault certificate via jsign, and uploads
the signed binary with a version.json manifest.
Also adds a `version` var to main.go for -ldflags injection at build time.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
