Fix canary execution during prod release (#3575)

The new canary secrets weren't being propagated from the root prod
release workflow into the CI workflow, so the canary was failing. This
PR propagates those secrets, and also makes it possible to run the full
CI workflow in a dry-run release so that it's possible to test in the
future.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._