Switch release workflow to npm Trusted Publishing (no token needed)

Remove NPM_TOKEN secret dependency. npm authenticates via OIDC token
from GitHub Actions automatically via the trusted publisher connection.
More secure — no long-lived tokens stored in secrets.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: unknown

.github/workflows/release.yml

@@ -38,8 +38,6 @@ jobs:
 
       - name: Publish to npm
         run: npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2