Add proof-measure client + Gitea PyPI publish; bump to 0.4.0

proof-measure is a separate, public, unauthenticated Dragonchain service. Adds:
- UnauthenticatedClient: HMAC-free transport mirroring Client (session
  injection, allow_redirects=False, from_dict decoding).
- ProofMeasureClient: get_security / report / health; default base URL
  https://proof-measure.dragonchain.com. Standalone (ProofMeasureClient()) and
  via DragonchainSDK.proof_measure.
- Proof-measure dataclass models (decimals as strings, timestamps as int).
- .gitea/workflows/publish.yml: build + twine upload to the Gitea PyPI registry
  on release (the SDK had no publish workflow before).

Also fixes 3 pre-existing failing tests: _FakeSession.request didn't accept the
allow_redirects kwarg the client now passes (added by the prior redirect change),
so the suite was red at HEAD.

tests/test_client.py

@@ -93,8 +93,16 @@ class _FakeSession:
         self.response = response
         self.calls = []
 
-    def request(self, method, url, data=None, headers=None, timeout=None):
-        self.calls.append({"method": method, "url": url, "data": data, "headers": headers})
+    def request(self, method, url, data=None, headers=None, timeout=None, allow_redirects=None):
+        self.calls.append(
+            {
+                "method": method,
+                "url": url,
+                "data": data,
+                "headers": headers,
+                "allow_redirects": allow_redirects,
+            }
+        )
         return self.response