chore(ci): validate chocolatey package metadata at build time #1297

Open
benjaminrigaud-gg wants to merge 1 commit into main from benjaminrigaud/end-315-choco-validate-metadata

@benjaminrigaud-gg benjaminrigaud-gg commented Jun 17, 2026

What

In the Windows package build (`windows_build_chocolatey_package`), install `chocolatey-community-validation.extension` and run a throwaway `choco pack` so the build surfaces any CCR package-metadata violations.

Why

ggshield has failed to publish to Chocolatey since 1.50.1: push.chocolatey.org returns only an opaque 409 Conflict (even with --debug --verbose), and the versions never enter moderation. In chocolatey/home#399, a Chocolatey maintainer (pauby) suggested the Community Validation Extension, which runs CCR's validator rules locally at choco pack time and reports the real metadata error.

This wires that into CI (which builds the choco package on every push), so the validation output lands in the Build packages (windows-2022) log — no release or production push needed. It also permanently guards future releases against the same class of error.

Safety

It's isolated and non-fatal:

  • validation `choco pack` writes to a throwaway `$(mktemp -d)` and is `|| true`,
  • the extension is uninstalled before the real pack, so the artifact build is unchanged and the step can't fail the build.

Once we read the surfaced error and fix the nuspec, a follow-up can promote this to a hard gate. Refs chocolatey/home#399.

linear Bot commented Jun 17, 2026

END-315

codecov Bot commented Jun 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.51%. Comparing base (158ff03) to head (aa69f2a).
⚠️ Report is 21 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1297   +/-   ##
=======================================
  Coverage   93.51%   93.51%           
=======================================
  Files         189      189           
  Lines       11081    11081           
=======================================
  Hits        10362    10362           
  Misses        719      719           
Flag Coverage Δ
unittests 93.51% <ø> (ø)

@benjaminrigaud-gg benjaminrigaud-gg self-assigned this Jun 17, 2026
Install chocolatey-community-validation.extension and run a throwaway `choco pack` so the windows build surfaces the CCR metadata errors that push.chocolatey.org masks as an opaque 409 (chocolatey/home#399). Isolated to a temp outdir and the extension is uninstalled before the real pack, so it is non-fatal and cannot break the build.
@benjaminrigaud-gg benjaminrigaud-gg force-pushed the benjaminrigaud/end-315-choco-validate-metadata branch from 7261778 to aa69f2a Compare June 17, 2026 12:11

benjaminrigaud-gg commented Jun 17, 2026

All good 🤔

https://github.com/GitGuardian/ggshield/actions/runs/27687386842/job/81889359933#step:12:254

```
chocolatey-community-validation.extension v0.2.0 [Approved]
chocolatey-community-validation.extension package files install completed. Performing other installation steps.
 Installed/updated chocolatey-community-validation extensions.
 The install of chocolatey-community-validation.extension was successful.
  Deployed to 'C:\ProgramData\chocolatey\extensions\chocolatey-community-validation'

Chocolatey installed 1/1 packages. 
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Chocolatey v2.7.2
NOTE: CPMR0068: The package maintainer field (owners) matches the software author field (authors) in the nuspec.
      See https://ch0.co/rules/cpmr0068
Attempting to build package from 'ggshield.nuspec'.
Successfully created package 'C:/Users/RUNNER~1/AppData/Local/Temp/tmp.FyEmWHlGuB\ggshield.1.52.1.nupkg'
Chocolatey v2.7.2
Uninstalling the following packages:
chocolatey-community-validation.extension
```
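
The isolated, non-fatal validation step outlined in the PR description, together with the hard-gate follow-up it mentions, as an added example that is not the PR's CI script. `CHOCO`, `ALLOWED_LEVELS` and the function names are hypothetical, and it assumes every rule line has the `<LEVEL>: CPMRnnnn:` shape of the `NOTE` line in the log above.

```shell
#!/bin/sh
# Added example (not the PR's CI script). CHOCO can point at a stub for dry runs.
CHOCO="${CHOCO:-choco}"
EXT="chocolatey-community-validation.extension"

# Non-fatal validation: install the extension, pack into a throwaway directory,
# uninstall the extension, then print only the rule lines from the pack output.
# Every choco call is followed by "|| true", so this function always returns 0.
validate_choco_metadata() {
    vcm_nuspec="$1"
    vcm_tmp="$(mktemp -d)"
    "$CHOCO" install "$EXT" --yes >/dev/null 2>&1 || true
    vcm_out="$("$CHOCO" pack "$vcm_nuspec" --outputdirectory "$vcm_tmp" 2>&1 || true)"
    "$CHOCO" uninstall "$EXT" --yes >/dev/null 2>&1 || true
    rm -rf "$vcm_tmp"
    # Rule lines look like "NOTE: CPMR0068: ..." in the build log.
    printf '%s\n' "$vcm_out" | grep -E '^[A-Z]+: CPMR[0-9]{4}:' || true
    return 0
}

# Hard-gate variant: fail when a rule line carries a level outside ALLOWED_LEVELS
# (a "|"-separated list; the NOTE default is an assumption of this example).
gate_choco_metadata() {
    gcm_findings="$(validate_choco_metadata "$1")"
    gcm_blocking="$(printf '%s\n' "$gcm_findings" |
        grep -Ev "^(${ALLOWED_LEVELS:-NOTE}): " | grep -E 'CPMR[0-9]{4}' || true)"
    if [ -n "$gcm_blocking" ]; then
        printf 'Blocking CCR findings:\n%s\n' "$gcm_blocking" >&2
        return 1
    fi
    return 0
}
```

Calling `validate_choco_metadata ggshield.nuspec` before the real pack keeps the step informational; switching the call to `gate_choco_metadata` makes the job fail on any finding above the allowed levels.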
