Add iOS build workflow for pull requests with code signing support

[Copilot]

This PR adds a comprehensive iOS build workflow that triggers on pull requests and produces signed iOS builds for device installation.

New Features

iOS Build Workflow (.github/workflows/ios-build.yml)

• Triggers: Pull requests to main and develop branches only
• Runner: macOS-latest for iOS build compatibility
• Smart Code Signing: Automatically detects if Apple Developer secrets are configured
• Dual Build Support: Produces signed IPAs when secrets are available, unsigned for development when not

Artifacts Produced

• ios-ipa: iOS IPA file with 30-day retention
• ios-build-report: Comprehensive build report with device installation instructions

Code Signing Integration

The workflow supports full iOS code signing with the following GitHub secrets:

• APPLE_CERTIFICATE_BASE64: Base64-encoded P12 certificate
• APPLE_CERTIFICATE_PASSWORD: Certificate password
• APPLE_PROVISIONING_PROFILE_BASE64: Base64-encoded provisioning profile
• APPLE_TEAM_ID: Apple Developer Team ID

Device Installation Instructions

The workflow automatically generates detailed installation instructions including:

• Xcode Method: Step-by-step device installation via Xcode Device Manager
• 3uTools/iTunes: Alternative installation methods for non-developers
• TestFlight: Instructions for App Store Connect distribution
• Technical Details: Bundle ID, iOS version, architecture, and file size

Documentation

Complete Setup Guide (IOS_CODE_SIGNING.md)

• Detailed instructions for obtaining Apple Developer certificates
• Step-by-step secret configuration process
• Troubleshooting guide for common code signing issues
• Security best practices and recommendations

Updated README

• Documents both existing and new workflows
• Clear distinction between main CI/CD and PR-specific iOS builds
• Instructions for accessing and using build artifacts

Security & Best Practices

• Uses GitHub's encrypted secrets for all sensitive data
• Creates temporary keychain with automatic cleanup
• No sensitive information exposed in logs or artifacts
• Follows Apple's recommended code signing procedures

Example Usage

When a pull request is created, the workflow will:

1. Without Secrets: Build unsigned IPA with setup instructions
2. With Secrets: Build signed IPA ready for device installation

The generated build report provides clear next steps for either scenario, making it easy for both developers and testers to get the app running on iOS devices.

Fixes #28.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.