ci(release): restore OIDC auth, keep the idempotency guard (security fix)

[MartinCastroAlvarez]

What

Revert the auth method from PR #567 (stored token in repo secrets) back to OIDC Trusted Publishing, while keeping the idempotency guard that PR introduced.

Why

PR #567 changed the publish credential from OIDC to a stored `PYPI_API_TOKEN` repo secret. That's a security downgrade:

Vector	OIDC Trusted Publishing	Stored token
Long-lived secret anywhere?	No	Yes (encrypted at rest, but extant)
Attacker who compromises the repo can publish a malicious wheel?	Only via an approved `release` event	If they exfiltrate the secret, yes, indefinitely
Rotation cadence	Not needed (per-run identity)	Required (calendar-driven)

PyPI explicitly recommends Trusted Publishing for exactly this reason. Sticking with OIDC keeps zero long-lived secrets on disk or in GitHub Secrets.

What I kept from #567

The idempotency guard — the step that queries `pypi.org/pypi///json` before uploading. This is what actually fixes the red `pypi` Deployment widget for already-published versions:

• If 1.0.1 is already on PyPI, the workflow detects this and skips the OIDC upload entirely — the publish job exits green, the deployment goes green.
• The check itself needs no auth (just the public PyPI JSON endpoint), so it works without Publish v1.0.0 to PyPI — one-time owner OIDC setup blocks the release workflow #564 being configured.
• For a fresh version that isn't on PyPI yet, the workflow still attempts OIDC and will red-X until the PyPI-side Trusted Publisher setup is done (still tracked in Publish v1.0.0 to PyPI — one-time owner OIDC setup blocks the release workflow #564). But the manual `.env`-based publish path is unaffected — that already works.

End state

• No GitHub Secret required. `secrets.PYPI_API_TOKEN` reference removed.
• No long-lived token anywhere except the maintainer's local `./.env` (gitignored, never echoed, never tracked, verified clean in history).
• Already-published versions (1.0.0, 1.0.1) → workflow skips upload → deployment goes green without OIDC even being attempted.
• Fresh versions → workflow attempts OIDC; will still red-X until Publish v1.0.0 to PyPI — one-time owner OIDC setup blocks the release workflow #564's PyPI-side step is performed. When that one-time setup is done, fresh uploads go green too, with zero stored secrets.

Closes

• Add PYPI_API_TOKEN repo secret to make release workflow upload to PyPI on every tag #568 — the "add stored secret" follow-up is moot. There is no stored secret to add. (Will close on merge.)

Diff

`.github/workflows/release.yml` — pivot the auth back to OIDC; idempotency guard stays exactly as #567 wrote it.

🤖 Generated with Claude Code