chore: update workflow file to use npm trusted publishing

Author: michaelwittwer

.github/workflows/main.yml

@@ -13,6 +13,10 @@ on:
       - '**'
     tags-ignore:
       - '**'
+
+permissions:
+  contents: read
+
 jobs:
   test:
     strategy:
@@ -38,6 +42,11 @@ jobs:
   build:
     needs: test
     runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for trusted publishing and npm provenance
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
@@ -73,7 +82,6 @@ jobs:
           npm run docs:deploy
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       # publish pre-release if non master branch and allowed by .releaserc.yml configuration (only for non-PR branches)
       - name: release non-master version