Issue Description

Implement release management strategy for hve-core with:

1. Release-please version synchronization - Configure extra-files to sync extension/package.json version with root package.json when release-please creates release PRs

2. Manual-only extension publishing - Update extension-publish.yml to use workflow_dispatch only, with commented-out release trigger as infrastructure for future auto-publish

3. OIDC authentication for VS Code Marketplace - Replace PAT-based authentication with Azure OIDC federated credentials to eliminate 7-day PAT expiration issues:

   • App Registration with federated credential for repo:microsoft/hve-core:environment:marketplace
   • GitHub environment marketplace restricted to main branch
   • Service principal added to VS Code Marketplace publisher via Profile ID

4. Contributor documentation - Create docs/contributing/release-process.md explaining:

   • Trunk-based development workflow
   • How release-please manages versions and changelogs
   • When and how to merge Release PRs
   • Manual extension publishing steps

Additional Context

This addresses the constraint that organization PATs expire after 7 days, making automated publishing unreliable. OIDC authentication provides secretless, renewable credentials that don't require manual rotation.

Key infrastructure already in place:

• App Registration: c06e2f0e-78da-4d72-9bdc-781b61e6beca
• Federated credential configured for environment:marketplace
• GitHub environment marketplace with branch protection on main
• SP added to publisher with Profile ID 051554c6-ba3f-6aab-b206-bc95fc308619