ci: drop tag-triggered publish workflow

Switch to local publish from a maintainer's machine. Reasons:
- `npm_... ` tokens with `Publish`/`Granular` type require OTP even in CI,
  which was blocking the automated flow. Only `Classic Automation` tokens
  bypass OTP, and keeping long-lived Automation tokens in a repo secret
  means a leak allows unattended publishes.
- Interactive `npm login` + `npm publish` gives a human gate on every
  release and keeps 2FA in the loop, which the team considered the safer
  posture for a public package.
- Other CI workflows (ci.yml lint/build, deploy-storybook.yml) are kept.

Maintainers publish with:

  npm login
  npm version <patch|minor|major>
  npm publish
  git push --follow-tags

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: sangun-kang