ci(release): add permissions for OIDC and npm provenance

Add id-token, contents, pull-requests, and issues permissions.
Remove NPM_TOKEN in favor of trusted publishing via OIDC.
Update actions/checkout and actions/setup-node to v4.

Author: gr2m

.github/workflows/release.yml

@@ -6,18 +6,23 @@ name: Release
       - main
       - next
       - beta
+permissions:
+  id-token: write # to enable use of OIDC for trusted publishing and npm provenance
+  contents: write # tags and releases
+  pull-requests: write # comments
+  issues: write # comments
+
 jobs:
   release:
     name: release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: lts/*
           cache: npm
       - run: npm ci
       - run: npx semantic-release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}