@343dev 343dev commented Dec 23, 2025

TL;DR

Updated GitHub Actions workflow for npm publishing with improved security and newer action versions.

What changed?

  • Moved permissions from job level to workflow level for better security
  • Removed the actions: write permission as it's no longer needed
  • Updated actions/checkout from v4 to v6
  • Updated actions/setup-node from v4 to v6
  • Removed the --provenance flag from the npm publish command
  • Removed the NODE_AUTH_TOKEN environment variable and associated secret

How to test?

  1. Trigger the workflow by completing a successful run on the main branch
  2. Verify that the npm package is published correctly without using the token-based authentication
  3. Confirm that the OIDC-based authentication works properly with the id-token permission

Why make this change?

This change modernizes the npm publishing workflow by:

  1. Using the latest versions of GitHub Actions
  2. Adopting a more secure approach by moving to OIDC-based authentication instead of token-based authentication
  3. Simplifying the workflow by removing unnecessary permissions and environment variables
  4. Following best practices by defining permissions at the workflow level
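As an added illustration (not the repository's actual workflow file), here is the shape of the token-based publish job beside its trusted-publishing replacement; the workflow name, the push trigger, the Node versions and the secret name are assumptions, while the action versions, permissions and removed items follow the list above:

```yaml
# BEFORE (assumed shape of the token-based job): the publish step authenticates
# with a long-lived registry token stored as a repository secret.
name: Publish to npm
on:
  push:
    branches: [main]          # trigger is an assumption
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:              # job-level permissions
      contents: read
      id-token: write
      actions: write          # not needed for publishing
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22    # assumption
          registry-url: https://registry.npmjs.org
      - run: npm ci
      - run: npm publish --provenance
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # long-lived secret (assumed name)
---
# AFTER (trusted publishing via OIDC): no registry secret lives in the repository;
# the job presents a short-lived GitHub OIDC token to the registry instead,
# so the only sensitive permission left is id-token: write.
name: Publish to npm
on:
  push:
    branches: [main]
permissions:                  # workflow level: applies to every job
  contents: read
  id-token: write             # required so the job can request an OIDC token
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version: 24    # assumption
          registry-url: https://registry.npmjs.org
      - run: npm ci
      - run: npm publish      # no --provenance flag, no NODE_AUTH_TOKEN
```

The registry side must have this repository and workflow file name registered as a trusted publisher for the package; without that, the publish step has no credentials at all and fails rather than silently falling back to a token.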

@343dev 343dev self-assigned this Dec 23, 2025
@343dev 343dev marked this pull request as ready for review December 23, 2025 03:31
@343dev 343dev merged commit c7f83e7 into main Dec 23, 2025
6 of 8 checks passed
@343dev 343dev deleted the 12-23-configure_trusted_publishing_for_npm_package branch December 23, 2025 05:16