🔧 Use trusted publishing with provenance for npm publish

The workflow already has id-token: write for OIDC. Use --provenance
flag for tokenless trusted publishing instead of a stored npm token.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: hyperb1iss

.github/workflows/release.yml

@@ -122,7 +122,7 @@ jobs:
 
       - name: '▲ Publish to npm'
         if: ${{ !inputs.dry_run }}
-        run: npm publish --access public
+        run: npm publish --provenance --access public
 
       - name: '◆ Create GitHub Release'
         if: ${{ !inputs.dry_run }}