Switch npm publish to OIDC trusted publisher, remove NPM_TOKEN

- Add id-token: write permission for OIDC authentication
- Add --provenance --access public to npm publish
- Remove NODE_AUTH_TOKEN dependency (OIDC replaces it)

Author: prih

.github/workflows/npm.yml

@@ -10,6 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      id-token: write
 
     steps:
       - uses: actions/checkout@v6
@@ -22,6 +23,4 @@ jobs:
       - run: npm ci
       - run: cd ui && npm ci
       - run: npm run build
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - run: npm publish --provenance --access public