
ci: Update npm release job to use trusted publishing #129

Merged
ViolanteCodes merged 9 commits into master from TD-1099-rotate-npm-tokens
Nov 13, 2025

Conversation

sdomas-cksource (Collaborator) commented Nov 12, 2025

ci: Update npm release job to use trusted publishing

Due to changes to npm tokens
https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management
(legacy tokens are going to be removed), the CI job related to publishing the npm
package is migrated to use trusted publishing, which uses short-lived tokens.

repository.url is changed to match the provenance statements during
publishing - an invalid URL will cause a failed release.

The npm-publish workflow is removed - it is already disabled, it will not work
with legacy tokens, and it seems to duplicate what the publish workflow already
does.

Touch: https://tiugotech.atlassian.net/browse/TD-1099

sdomas-cksource changed the title from "replace git url repository" to "ci: Update npm release job to use trusted publishing" on Nov 12, 2025

Copilot AI left a comment


Pull Request Overview

This PR migrates the npm package publishing workflow from legacy token-based authentication to npm's trusted publishing mechanism, which uses short-lived tokens. This change is necessary due to npm's deprecation of legacy tokens as announced in September 2025.

Key changes:

  • Added OIDC permissions for trusted publishing in the GitHub Actions workflow
  • Updated the repository URL format to comply with npm provenance requirements
  • Removed the deprecated npm-publish.yml workflow file

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File: package.json
Description: Updated repository URL from git:// to git+https:// format to support provenance statements

File: .github/workflows/publish.yml
Description: Migrated to trusted publishing by adding OIDC permissions, updating action versions, requiring npm 11.5.1+, and removing legacy token authentication

File: .github/workflows/npm-publish.yml
Description: Removed duplicate workflow that was already disabled and incompatible with new authentication

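The workflow shape described in the PR and the review summary above (OIDC permissions, npm 11.5.1 or later, no long-lived registry token), written out as an added example; this is not this repository's publish.yml, and the organisation, repository and secret names are placeholders. The legacy step the PR removes is kept as a comment for contrast.

```yaml
# Added example, not the project's own publish.yml. <ORG>/<REPO> are placeholders.
name: Publish to npm (trusted publishing)

on:
  release:
    types: [published]

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write   # lets the job mint an OIDC token; npm exchanges it for a short-lived publish token
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org

      # Trusted publishing needs npm 11.5.1 or later; an older npm only looks
      # for NODE_AUTH_TOKEN and fails when no legacy token is present.
      - run: npm install -g npm@latest
      - run: npm --version

      - run: npm ci
      - run: npm test

      # No registry secret in env: npm authenticates this run via the OIDC
      # token and the trusted publisher configured for the package on
      # npmjs.com (repository owner/name + this workflow's filename).
      # --provenance attaches a signed attestation whose source repository
      # must match package.json "repository.url", i.e.
      #   "repository": { "type": "git", "url": "git+https://github.com/<ORG>/<REPO>.git" }
      # A mismatch (such as a stale git:// URL) fails the release, as the PR notes.
      - run: npm publish --provenance --access public

      # Legacy form removed by this PR (secret name is a placeholder):
      # - run: npm publish
      #   env:
      #     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

The trusted publisher binding (repository and workflow filename) is configured once on the package's npmjs.com settings page; a job from any other workflow file or repository gets no token even with id-token: write.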

ViolanteCodes (Contributor) left a comment


LGTM

ViolanteCodes merged commit 1d7e9a2 into master on Nov 13, 2025
3 checks passed
ViolanteCodes deleted the TD-1099-rotate-npm-tokens branch on November 13, 2025 at 15:53
