ci: automate release info update PRs

[scotluns]

Why

This adds the mitreattack-python side of the automated ATT&CK release metadata flow, so a PR can be opened once both STIX release repos have matching published assets.

What Changed

• Adds a manually runnable and scheduled workflow that runs scripts/update_release_info.py
• Uses the existing updater as the readiness gate: mismatched upstream latest versions fail before a PR is created
• Opens or updates a deterministic automation/update-release-info-<version> PR when mitreattack/release_info.py changes
• Uses the ATTACK_AUTOBOT GitHub App token so the generated PR can run normal repository checks

Relationship

Companion to mitre-attack/attack-stix-data#71. That PR dispatches this workflow when an attack-stix-data release is published; this PR receives the dispatch, validates both STIX release sources through the updater, and creates the actual mitreattack-python metadata PR.

How To Verify

• Ruby YAML parse check passed locally for .github/workflows/update-release-info-pr.yml

Known Gaps

• actionlint is not installed locally, so GitHub Actions semantic linting was not run.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud