Backend builds now publish to a second AWS region (Commercial East ECR)

This is an internal build-pipeline change with no user-facing feature impact. The backend's automated Docker build now publishes each image to a second Amazon ECR registry in AWS Commercial us-east-1 in addition to the existing AWS GovCloud (us-gov-west-1) registry, so the same backend image is available for deployments in both AWS partitions.

The backend was previously published only to a GovCloud ECR registry. To support hosting/deploying the backend in an AWS Commercial East region (a different AWS account and partition), the build needs to make the identical image available there as well, without maintaining a separate build process.

No change to application behavior, APIs, or the UI for clients or end users. Operationally, each merge to the Dev, QA, and Prod branches now produces one image pushed to both the GovCloud and Commercial East registries, enabling deployments in either environment from the same trusted artifact.

Single-file change to the .github/workflows/docker-ecr.yml CI workflow:

• Added a second AWS credential configuration and ECR login step (AWS_ACCESS_KEY_EAST / AWS_SECRET_KEY_EAST, region us-east-1, account 644181041575) alongside the existing GovCloud login.
• Introduced an ECR_REPO_EAST variable for the Dev, QA, and Prod backend repositories and added it as a second --tag on the docker buildx ... --push step so each build is pushed to both registries.
• Renamed the existing credential/login steps to label them "(GovCloud)" for clarity.
• Reworked the release build's platform selection into a case on the branch name: QA now builds multi-arch (linux/arm64,linux/amd64) while Prod builds linux/amd64 only (previously Prod was the multi-arch build).

Low and infrastructure-scoped; no runtime code changed. Main risks: (1) the new AWS_ACCESS_KEY_EAST / AWS_SECRET_KEY_EAST secrets and the target East ECR repositories must exist with push permissions, or the build step fails; (2) the Prod build was reduced from multi-arch to linux/amd64 only, so any deploy target expecting an arm64 Prod image would be affected. Mitigation: verify secrets/repos are provisioned and confirm the Prod deployment architecture is amd64 before relying on this.

• Trigger a Dev/QA build and confirm the workflow succeeds and the image lands in both the GovCloud and the new us-east-1 ECR repositories with matching tags.
• Confirm the QA image is built for both arm64 and amd64, and the Prod image for amd64.
• Verify a deployment can pull and run the backend image from the Commercial East registry.
• Confirm GovCloud pushes are unaffected (no regression for existing deployments).