chore(workflow): centralize Sonatype credentials in env section

Move Sonatype and signing secrets to the environment block for cleaner and more secure workflow configuration.

Author: hanrw

.github/workflows/releaase-to-central-sonatype.yml

@@ -28,6 +28,11 @@ jobs:
     permissions:
       contents: write
       actions: read
+    env:
+      SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+      SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+      SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
+      SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4
@@ -74,9 +79,4 @@ jobs:
           generate_release_notes: true
 
       - name: Publish to Maven Central via Sonatype Portal
-        run: ./gradlew publishToCentral -PLIBRARY_VERSION=${{ inputs.version }}
-        env:
-          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
-          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
-          SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
-          SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
+        run: ./gradlew publishToCentral -PLIBRARY_VERSION=${{ inputs.version }}