Update npm-publish workflow to use trusted publishing

[acelaya]

Following the documentation at https://docs.npmjs.com/trusted-publishers, and after making the required changes in https://www.npmjs.com/package/@hypothesis/frontend-shared/access (only accessible to team members), this PR updates the npm-publish.yml workflow to no longer publish packages using an npm token, and instead use trusted publishing.

We are updating the workflow to use node 24 too, as trusted published requires a recent version of npm.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (599c619) to head (a1a53c5).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main     #2116   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           71        71           
  Lines         1364      1364           
  Branches       509       509           
=========================================
  Hits          1364      1364           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.