fix(ci): revert Fly registry username to 'x' — 'molecule-ai' gets 401

Post-mortem on the failed publish-platform-image run on main (PR #82):

Fly's Docker registry requires username EXACTLY equal to "x". My
code-review "readability fix" changing it to "molecule-ai" caused
every push to return 401 Unauthorized. Verified locally:

  echo $FLY_API_TOKEN | docker login registry.fly.io -u x --password-stdin
  → Login Succeeded

  echo $FLY_API_TOKEN | docker login registry.fly.io -u molecule-ai --password-stdin
  → 401 Unauthorized

Lesson: don't second-guess docs that specify a literal value. Comment
now says "MUST be literal 'x'" with a 2026-04-15 verification note to
prevent future regressions.

Code-review process improvement: when reviewing a change against a
vendor API, prefer "preserve exact doc-specified values" over readability
suggestions. Logged as a cron-learning.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/workflows/publish-platform-image.yml

@@ -50,16 +50,16 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Log in to Fly registry
-        # Fly's registry is entirely token-auth: username is ignored, password
-        # must be a valid FLY_API_TOKEN. We pass "molecule-ai" as a human-
-        # readable placeholder so this step is obvious to future readers.
+        # username MUST be literal "x". Fly's registry returns 401 for any
+        # other value (verified locally 2026-04-15 — "molecule-ai" fails,
+        # "x" succeeds with the same token). The password is the FLY_API_TOKEN.
         # Rotation: see docs/runbooks/saas-secrets.md — FLY_API_TOKEN lives in
         # two places (GitHub Actions secret here + `fly secrets` on molecule-cp)
         # and MUST be updated in both on rotation.
         uses: docker/login-action@v3
         with:
           registry: registry.fly.io
-          username: molecule-ai
+          username: x
           password: ${{ secrets.FLY_API_TOKEN }}
 
       - name: Compute tags