fix: use exact equality instead of startsWith for URL assertion

Addresses CodeQL "Incomplete URL substring sanitization" warning.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ljharb

test/lib/commands/publish.js

@@ -113,7 +113,7 @@ t.test('publish-registry config does not affect install registry', async t => {
     authorization: token,
   })
   t.equal(npm.config.get('registry'), 'https://registry.npmjs.org/')
-  t.ok(npm.config.get('publish-registry').startsWith(publishRegistry))
+  t.equal(npm.config.get('publish-registry'), alternateRegistry + '/')
 })
 
 t.test('re-loads publishConfig.registry if added during script process', async t => {