refactor: move Maven POM and publication logic into gradle/maven-pom.gradle
feat: publish signed mavenJava artifacts with sources and Javadoc jars
feat: add Central staging, checksum generation, and centralBundle packaging
feat: add packageReleaseCandidate task for clean local release verification
docs: define Maven POM metadata for org.egothor:radixor
docs: switch project licensing metadata and repository license file to BSD-3-Clause
ci: build signed Central bundle in tagged release workflow
ci: upload Central bundle to Maven Central via Sonatype Portal API
ci: attach Central bundle to GitHub release assets
feat: enable Gradle dependency locking for all configurations
feat: enforce strict lock-state usage in the build
feat: centralize repository declaration in settings.gradle
feat: enable strict Gradle dependency verification via gradle.properties
feat: add committed dependency lock state and verification metadata
fix: defer mockito agent resolution to test execution phase for locked builds
ci: validate reproducibility inputs before workflow builds
ci: include lock and verification inputs in workflow change detection
docs: establish explicit dependency update workflow for locks and verification metadata
feat: add CycloneDX Gradle plugin for standards-based SBOM generation
feat: generate SBOM artifacts in JSON and XML formats
feat: publish SBOM artifacts in CI and expose them through project reports
fix: align CycloneDX task configuration with current plugin task model
fix: remove deprecated String-based projectType assignment for Gradle 10 compatibility
chore: keep SBOM scope focused on production classpaths only
