Move from bit.ly URLs to rel.k8s.io for the release team

[Vyom-Yadav]

Bit ly has started adding ads between redirects, so we're moving away from bit ly.

Context: https://kubernetes.slack.com/archives/C2C40FMNF/p1739462854147559

/cc @BenTheElder @katcosgrove @fsmunoz @neoaggelos

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Vyom-Yadav
Once this PR has been reviewed and has the lgtm label, please assign xmudrii for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• apps/k8s-io/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Vyom-Yadav]

/cc @xmudrii

[Vyom-Yadav]

Thinking about this again, this could allow for something similar to subdomain takeover or unknown redirect.

rel.k8s.io/v123/steal-your-passwords would redirect externally to https://bit.ly/k8s123-steal-your-passwords which isn't safe imo. (As the user would trust rel.k8s.io)

For maintaining backwards compatibility, we can have a generic links.md in sig-release which would have the generic URLs for previous release.

[BenTheElder]

We should also constrain the lower bound if we go this route.
EDIT: To whatever version we know has all these links already to avoid squatting

I think it might be best to directly include them here without the bit.ly link in the middle?

[Vyom-Yadav]

Yeah, having bit ly remains doesn't seem like a great solution. I can write a short script which can auto populate links.md for the older releases.

Updated this to do a redirect to sig-release only.