ci: Update SSM parameter pairs for Sonatype credentials (#44)

<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **Low Risk**
> Low risk workflow-only change that just points secret retrieval at new
SSM parameter names; main risk is failed releases if the new parameters
are missing/misnamed.
> 
> **Overview**
> Updates the `publish.yml` GitHub Actions workflow to fetch Sonatype
credentials from the new SSM paths under
`.../sonatype/central/{username,password}` instead of the previous
`.../sonatype/{username,password}` parameters, leaving the rest of the
publish process unchanged.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
eeab9b9. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: kinyoklion

.github/workflows/publish.yml

@@ -49,8 +49,8 @@ jobs:
         name: Get secrets
         with:
           aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
-          ssm_parameter_pairs: '/production/common/releasing/sonatype/username = SONATYPE_USER_NAME,
-          /production/common/releasing/sonatype/password = SONATYPE_PASSWORD,
+          ssm_parameter_pairs: '/production/common/releasing/sonatype/central/username = SONATYPE_USER_NAME,
+          /production/common/releasing/sonatype/central/password = SONATYPE_PASSWORD,
           /production/common/releasing/java/keyId = SIGNING_KEY_ID'
           s3_path_pairs: 'launchdarkly-releaser/java/code-signing-keyring.gpg = code-signing-keyring.gpg'