ci: migrate to OIDC Trusted Publishing

Ticket: DX-2081

Author: Tanjeem Hossain

.github/workflows/main_ci.yml

@@ -1,4 +1,11 @@
 name: Run Tests
+permissions:
+  # Needed for OIDC Trusted Publishing
+  id-token: write
+  # Needed for semantic-release
+  contents: write
+  pull-requests: write
+  issues: write
 
 on:
   push:
@@ -71,6 +78,7 @@ jobs:
   release:
     if: github.repository_owner == 'BitGo' && github.event_name == 'push' && github.ref_name == 'master'
     runs-on: ubuntu-latest
+    environment: publish-bip174
     needs:
       - audit
       - unit
@@ -82,10 +90,12 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 22
           cache: 'npm'
+      - name: Ensure npm 11.5.1
+        run: |
+          npm install -g npm@11.5.1
       - run: npm ci
       - run: ./node_modules/.bin/semantic-release
         env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}