chore: npm trusted publisher

Author: cyyynthia

.github/workflows/build.yml .github/workflows/build.yaml.github/workflows/build.yml renamed to .github/workflows/build.yaml

@@ -9,18 +9,17 @@ jobs:
     publish:
         runs-on: ubuntu-latest
         permissions:
-            id-token: write  # Required for provenance
+            id-token: write  # Required for provenance and Trusted Publishing
+            contents: read
         steps:
             - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
             - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4
             - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
               with:
                 registry-url: 'https://registry.npmjs.org'
-                node-version: 22
+                node-version: 24
                 cache: pnpm
 
             - run: pnpm install
             - run: pnpm build
             - run: pnpm publish --provenance --access public --no-git-checks
-              env:
-                NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}