fix: add signing config so release APK can be installed

The release build had no signing config, producing an unsigned APK
that Android refuses to install. Added debug keystore signing for
release builds and a CI step to ensure the keystore exists.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/build-release.yml

@@ -20,6 +20,22 @@ jobs:
           echo "sdk.dir=$ANDROID_HOME" > local.properties
           cat local.properties
 
+      - name: Ensure signing keystore
+        run: |
+          KEYSTORE="$HOME/.android/debug.keystore"
+          if [ ! -f "$KEYSTORE" ]; then
+            mkdir -p "$HOME/.android"
+            keytool -genkeypair -v \
+              -keystore "$KEYSTORE" \
+              -alias androiddebugkey \
+              -keyalg RSA -keysize 2048 -validity 10000 \
+              -storepass android -keypass android \
+              -dname "CN=Android Debug,O=Android,C=US"
+            echo "Generated debug keystore"
+          else
+            echo "Keystore already exists"
+          fi
+
       - name: Build Release APK
         shell: bash
         run: |