Use Kubernetes release-notes tool for releases

[justaugustus]

Part of #1676

ref: https://github.com/kubernetes/release/blob/master/cmd/release-notes/README.md

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

[spencerschrock]

Redirect here from another issue, but felt more applicable to post this here.

I played briefly with release-notes to get an idea of what the CLI call might be if generating the patch notes for v4.10.3.

release-notes --org ossf --repo scorecard --branch main \
  --dependencies=false \
  --required-author "" \
  --start-rev v4.10.2 \
  --end-rev main

a portion of the output would look like.
Note: there are some issues with the autogenerated summaries for PRs with multiple code blocks:

- Accept pip installs with `-e` flag along with `--no-deps` flag in Pinned-Dependencies check. Editable pip installs will be accepted if coming from a local source or a remote Git source pinned by hash, as long as it's not installing dependencie
s. (#2731, @gabibguti)
- Add internal flags to support GitHub's internal scans (#2773, @laurentsimon)
- Add wasm files as binary artifacts (#2548, @gabibguti)
- Azure Devops is now a recognized CI system (#2662, @pettermk)
- Code-Review check uses leveled scoring
  Code-Review check returns inconclusive results when recent activity is solely made up of bot commits (#2542, @raghavkaul)
- Disable scorecard on PRs (#2571, @laurentsimon)
- GitLab support for Security-Policy check (#2754, @raghavkaul)
- Ko-build/setup-ko is detected as a packaging workflow (#2692, @imjasonh)
- Structured results for permissions (#2584, @laurentsimon)
- Suggested remediations for unpinned Docker images now maintain any tags that were present. (#2595, @spencerschrock)
- The CI-Tests check will show the correct check name when it encounters a runtime error. (#2756, @spencerschrock)
- The date format in the JSON results has been changed to RFC3339 (#2712, @naveensrinivasan)
- Update docs on how to run and debug Scorecard locally (#2587, @gabibguti)

There would need to be better review of the release-note field in the PR body. And a clarification of what a user-facing change might be. Is this for a CLI user? a library user? etc
I'm not sure what the interaction would look like between release-notes and goreleaser would look like.

[github-actions]

This issue is stale because it has been open for 60 days with no activity.

[spencerschrock]

Closing as part of #3322