fix(ci): install patchelf for maturin wheel-link repair

The Release workflow's multi-arch publish-docker job failed after
78 minutes of QEMU-emulated arm64 cargo compilation. Maturin's
wheel-link repair step needs `patchelf` to bundle external
shared libraries (libssl.so.3, libcrypto.so.3, libzstd.so.1)
into the wheel and rewrite their RPATH:

    🔗 External shared libraries to be copied into the wheel:
        libssl.so.3 => /usr/lib/aarch64-linux-gnu/libssl.so.3
        libzstd.so.1 => /usr/lib/aarch64-linux-gnu/libzstd.so.1.5.7
        libcrypto.so.3 => /usr/lib/aarch64-linux-gnu/libcrypto.so.3
    💥 maturin failed
      Caused by: Failed to execute 'patchelf', did you install it?

Compounding chain:
1. PR #350 added pkg-config + libssl-dev to unblock the cargo build
   (openssl-sys couldn't find OpenSSL headers).
2. That made Cargo dynamically link to libssl.
3. Maturin then needs patchelf to rewrite the wheel's RPATH so the
   bundled .so references resolve at runtime.
4. patchelf was never installed → fail.

Why this didn't surface in PR CI: docker-native-e2e builds only
the host platform (amd64). The Release workflow's docker-bake
builds linux/amd64 + linux/arm64 via setup-qemu-action, and the
arm64 emulation chain hits the patchelf path (different bundling
heuristic from amd64).

Follow-up that's NOT in this hotfix:
The 78-minute QEMU compile is the bigger structural issue. Switching
the Release workflow to native arm64 runners (`runs-on:
ubuntu-24.04-arm`) would cut that to ~5 min. Filing separately.

Run that failed: 25268839539

Author: chopratejas

Dockerfile

@@ -31,6 +31,7 @@ RUN apt-get update && \
     ca-certificates \
     pkg-config \
     libssl-dev \
+    patchelf \
   && rm -rf /var/lib/apt/lists/*
 
 RUN python -m pip install --no-cache-dir uv==${UV_VERSION}