fix(ci): harden TypeScript SDK native publish

[Lythaeon]

Description

Hardens the TypeScript SDK native publish flow so release retries do not fail on already-published packages, native optional package failures do not block the main SDK package publish, and CI no longer depends on missing platform build tools for the native package matrix.

Changes

• .github/workflows/release-typescript-sdk.yml: publish native packages through an idempotent script, keep native package matrix failures non-blocking for the main SDK publish, and avoid unused cross-build tooling in the platform-native matrix.
• sdks/typescript/scripts/build-native-host.mjs: infer the native package platform from the package directory, support explicit platform/arch/target overrides, honor CARGO_TARGET_DIR, copy Windows .exe outputs correctly, and keep Linux-only kernel-bypass features Linux-only.
• sdks/typescript/scripts/publish-package.mjs: skip npm publish successfully when the exact package version already exists.
• sdks/typescript/scripts/validate-native-package.mjs: add a local dry-run harness for native package builds.
• vendor/laserstream-core-proto: patch Laserstream proto generation to use vendored protoc instead of protobuf-src, avoiding autotools/protoc availability failures in CI.
• vendor/yellowstone-grpc-client: patch Unix Domain Socket APIs behind cfg(unix) so Windows native builds do not compile Unix-only types.
• crates/sof-observer: clean non-Linux unused warning paths with cfg and semantic imports instead of new allow attributes.

Motivation

Business motivation:
Ship the TypeScript SDK release without making users wait on optional native package recovery for platforms they do not use.

Technical motivation:
The publish flow failed when a native package was already published and when platform-specific Rust dependencies assumed unavailable tooling or Unix-only APIs.

Alternative approaches considered:
Prebuilding every platform from Linux via cross compilation was rejected for this fix because the release matrix already uses platform-native runners and cross-compilation added unnecessary OpenSSL/Zig/toolchain risk.

Scope and impact

• Affected slices: TypeScript SDK release CI, native runtime host packaging, Rust observer ingest/runtime warning cleanup, patched vendored Laserstream/Yellowstone dependencies.
• Data/API changes: No public SDK API change.
• Backward compatibility: Existing SDK package names and optional native package names remain unchanged.
• Performance impact: No runtime performance change; publish/build flow only.
• Security impact: npm token remains scoped to publish steps; already-published packages are detected before publishing.

Testing

• Unit tests
• Integration tests
• Manual verification
• Performance checks (if applicable)
• Security checks (if applicable)

Commands/results:

cargo check -p sof --features provider-websocket,provider-grpc,gossip-bootstrap,kernel-bypass
cargo check -p sof --features provider-websocket,provider-grpc,gossip-bootstrap
cargo clippy -p sof --features provider-websocket,provider-grpc,gossip-bootstrap,kernel-bypass --all-targets -- -D warnings
pnpm --dir sdks/typescript run check
node sdks/typescript/scripts/validate-native-package.mjs --package-dir sdks/typescript/native/linux-x64
cd sdks/typescript && pnpm publish --dry-run --access public --no-git-checks
docker run ... node sdks/typescript/scripts/validate-native-package.mjs --package-dir sdks/typescript/native/linux-x64

All listed commands passed. The first Docker attempt failed because the mounted /tmp/sof-docker-target directory was owned by a previous container user; after recreating it as writable, the clean Node 22 Debian container validation passed.

Related issues and documentation

• Fixes: TypeScript SDK publish CI failures on native package retry/platform builds.
• Related: npm 0.1.1 release recovery.
• Architecture docs: docs/architecture/README.md
• Relevant ARD/ADR: Not applicable.
• Operations/runbook updates: Not applicable.

Reviewer checklist

• Code follows project standards and architecture constraints
• Slice boundaries are respected (docs/architecture/ard/0003-slice-dependency-contracts.md)
• Tests added/updated and passing
• Documentation updated (README/docs/operations as needed)
• No undocumented breaking change
• Performance trade-offs documented where relevant
• Security considerations addressed where relevant

Additional notes

This PR does not create, move, or retrigger release tags. Tags should still only be applied to commits on main after merge.