Build Windows MSI artifacts from short dist path

[gontzess]

Why

The standard Go release workflow already enables Git long paths for Windows checkouts, but MSI generation can still fail before the workflow flattens files. GoReleaser Pro writes WiX source files under its dist directory using the public MSI name, and very long connector names can push that generated path beyond what WiX v3 handles.

This is a defensive parity change with the axiomatic workflow fix. It may be more conservative than strictly needed for standard Go connectors today, so this PR is draft for review.

What this changes

Points the Windows GoReleaser dist directory at a short runner-temp path while keeping the public ZIP and MSI filenames. After GoReleaser finishes, the workflow stages the public ZIP, MSI, signatures, and certificates back into the normal dist directory.

Windows SBOMs are generated after staging from the public filenames, then the existing provenance, SBOM attestation, upload, manifest, checksum, verification, and registry recording paths continue to read from the normal dist directory.

Validation

• git diff --check
• Parsed release workflow and Windows GoReleaser template with yq
• Rendered a sample Windows GoReleaser config with envsubst and parsed it with yq
• go test ./cmd/generate-windows-manifest

Not run locally: actionlint and pwsh were not installed. No test release was cut because there is not a known standard Go connector reproducer.