feat(gh): enable Trusted Publisher authentication for NPM publishing (#521)

* chore(gh): remove disabled workflow

* feat(gh): update workflow to use OIDC

Author: eduardoRoth

.github/workflows/manual-release.yml

@@ -133,11 +133,12 @@ jobs:
             --targets=linux-x64,win32-x64,darwin-arm64 \
             --ignore-missing
 
+
   npm-publish:
     runs-on: ubuntu-latest
     needs: [check-version, test, upload-assets]
     permissions:
-      id-token: write
+      id-token: write # Required for OIDC
     steps:
       - uses: actions/checkout@v6
       - uses: actions/setup-node@v6
@@ -151,15 +152,11 @@ jobs:
 
       # Dry run NPM publish
       - name: Dry run NPM publish
-        run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --provenance --access public --dry-run
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }}
+        run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --access public --dry-run # --provenance no longer needed as OIDC uses that by default
 
       # NPM Release
       - name: Create NPM release
-        run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.HD_CLI_NPM_TOKEN }}
+        run: npm publish --tag ${{ needs.check-version.outputs.oclif_channel }} --access public # --provenance no longer needed as OIDC uses that by default
 
   publish-images:
     name: Publish Images