Frontend Deployment Pipeline: Add AWS Commercial (us-east-1) Container Registry

PR #984 · sayed-imran-pixboxlabs · Apr 26, 2026 · 19:27 UTC
Production · Apr 26, 2026

Executive summary

The automated build-and-deploy pipeline for the DSM frontend now publishes container images to a second AWS registry in the AWS Commercial East (us-east-1) region, in addition to the existing AWS GovCloud registry. This is an infrastructure/DevOps change to support hosting the frontend in a Commercial AWS environment; it does not change any application features or user-facing behavior.

Why this was needed

Previously the frontend's deployment images were published only to an AWS GovCloud (us-gov-west-1) container registry. To support running the application in a standard AWS Commercial environment (and a multi-region/multi-account hosting strategy), the build pipeline needed to also publish images to a Commercial East (us-east-1) registry using a separate AWS account and credentials.

Client / user impact

No change to application functionality, screens, or workflows for end users. The operational impact is that frontend releases are now available as container images in AWS Commercial East, enabling deployment into Commercial AWS infrastructure. For Production and QA branches, images are now published to the Commercial East registry; the Dev branch publishes to both GovCloud and Commercial East.

Technical scope

Changes are confined to a single CI file, .github/workflows/docker-ecr.yml (+49 / -18). No application or product code was touched.

  • Adds a second AWS credentials + ECR login step for Commercial East (us-east-1), using new secrets AWS_ACCESS_KEY_EAST / AWS_SECRET_KEY_EAST, alongside the existing GovCloud (us-gov-west-1) credentials.
  • Introduces a new registry target ECR_REPO_EAST (account 644181041575, us-east-1) for the prod, qa, and dev image paths.
  • main/qa branches: build and push only to the Commercial East registry (the prior GovCloud push for these branches is removed).
  • dev branch: build and push to both GovCloud and Commercial East registries (dual-tagged).
  • Switches the build step from docker build + docker push to docker buildx build --platform linux/amd64 ... --push (single-arch amd64).
  • Minor cleanup: removed a trailing slash from the dev NEXT_PUBLIC_API_URL.

Risk & mitigation

Risk is operational/deployment-only (no application logic changed), but non-trivial for releases. The new Commercial East publish depends on correctly configured AWS_ACCESS_KEY_EAST / AWS_SECRET_KEY_EAST secrets and the 644181041575 ECR repositories existing; missing secrets, IAM permissions, or repos would fail the workflow. Notably, Production (main) and QA images are now pushed only to Commercial East, so any consumer still pulling Prod/QA images from the GovCloud registry would not receive new builds. Mitigation: confirm the new AWS account/credentials, ECR repos, and downstream deployment targets are aligned before relying on the pipeline.
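
One way to check for the stale-consumer risk described above is to scan deployment manifests for image references that still point at the GovCloud registry for prod or qa. This is an added example, not part of PR #984; the GovCloud account ID 000000000000, the dms/<env>/frontend path pattern for qa and dev, the manifest file names, and the image tags are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the PR): find image references that still point at
# the GovCloud registry for prod/qa, which the pipeline no longer updates.
# Assumptions: repo paths follow the dms/<env>/frontend pattern; the GovCloud
# account id 000000000000 and all tags below are constructed placeholders.

GOV_REGION="us-gov-west-1"

# find_stale_refs FILE...
# Prints "file:line:image" for every ECR reference in GOV_REGION whose
# repository path has prod or qa as its environment segment.
find_stale_refs() {
    awk -v region="$GOV_REGION" '
    {
        line = $0
        re = "[0-9]+\\.dkr\\.ecr\\." region "\\.amazonaws\\.com/[A-Za-z0-9._/-]+(:[A-Za-z0-9._-]+)?"
        while (match(line, re)) {
            ref = substr(line, RSTART, RLENGTH)
            if (ref ~ /\/(prod|qa)\//) print FILENAME ":" FNR ":" ref
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$@"
}

# write_sample DIR: constructed manifests covering the three branch outcomes.
write_sample() {
    cat > "$1/prod.yaml" <<'EOF'
containers:
  - name: frontend
    image: 000000000000.dkr.ecr.us-gov-west-1.amazonaws.com/dms/prod/frontend:abc123
EOF
    cat > "$1/qa.yaml" <<'EOF'
image: 644181041575.dkr.ecr.us-east-1.amazonaws.com/dms/qa/frontend:abc123
EOF
    cat > "$1/dev.yaml" <<'EOF'
image: 000000000000.dkr.ecr.us-gov-west-1.amazonaws.com/dms/dev/frontend:abc123
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
find_stale_refs "$demo_dir"/*.yaml   # only prod.yaml line 3 is reported
rm -rf "$demo_dir"
```

The dev reference is not reported because the dev branch still publishes to GovCloud; a CI gate can fail the job when the function prints anything.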

QA validation focus

  • Verify a main (Production) build pushes the image to the Commercial East ECR (644181041575.dkr.ecr.us-east-1.amazonaws.com/dms/prod/frontend) with the expected IMAGE_TAG.
  • Verify a qa build pushes to the Commercial East QA repo.
  • Verify a dev build pushes to both the GovCloud and Commercial East dev repos (dual tags present).
  • Confirm the new AWS_ACCESS_KEY_EAST / AWS_SECRET_KEY_EAST secrets authenticate successfully and the buildx amd64 image runs as expected.
  • Smoke-test the deployed frontend (login via SSO, basic navigation) to confirm the Commercial East image is functionally identical to prior releases.