fix: use OIDC trusted publisher for pypi instead of token

Author: jayeshmepani

.github/workflows/publish-pypi.yml

@@ -9,6 +9,9 @@ jobs:
   build-and-publish:
     name: Build and publish to PyPI
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+      contents: read   # This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
@@ -26,5 +29,3 @@ jobs:
 
       - name: Publish package to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}