Control signing and releasing with a flag

Developers trying to do `gradle build` will see the build fail because they don't have a sonatype username and password set up or any mechanism set up for signing. We should guard the release operations with a flag. Maven does this with "profiles," but the gradle way seems to just be a flag: https://blog.gradle.org/maven-pom-profiles