chore(release-script): run notice:check + license:check in preflight

[bjagg]

Summary

• Run notice:check and license:check during preflight instead of just running the formatters and trusting git diff to detect drift
• Auto-copy target/NOTICE.expected over root NOTICE when notice:check reports drift, then re-verify (matches the documented "review changes and commit" workflow)
• Preserve the operator-review-then-commit-then-rerun loop for any remaining auto-fixed working-tree changes

Why

The 3.4.3 release (cut today via this script) hit two failure paths that the preflight should have caught but didn't:

1. NOTICE drift: notice:generate writes to target/, not the root NOTICE. After a dependency was dropped from pom.xml (the resource-server-content overlay in refactor: CKEditor webjar swap + drop resource-server-content overlay #554), the root NOTICE stayed stale, the script's git diff check found nothing, and the drift only surfaced when mvn release:prepare's clean verify invoked notice:check mid-release.

2. Missing license header: license:format only updates files that have a header to update. release-portlet.sh was committed in chore: add release-portlet.sh (Maven release preflight + cut script) #557 without an Apache header at all and slipped past the script's styling pass entirely. license:check would have caught it; the script never ran it.

Both failures cost a full mvn release:clean + manual prep commit + push + retry per occurrence.

Test plan

• On a portlet repo with deliberately stale NOTICE (e.g. delete a known-current line), run release-portlet.sh --release X --next Y and confirm Phase 5 auto-syncs target/NOTICE.expected → NOTICE and aborts with the diff for operator review
• On a portlet repo with a file missing the Apache header, confirm Phase 5 aborts with license:check output rather than proceeding to the destructive release plugin

[ChristianMurphy]

Script looks fine, does Maven not have a built in way to chain these commands together?