fix: add OIDC token authentication for NuGet Trusted Publishing

- Request OIDC token from GitHub Actions
- Pass token as API key to dotnet nuget push
- This enables Trusted Publishing without storing secrets

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: ANcpLua

.github/workflows/nuget-publish.yml

@@ -44,7 +44,14 @@ jobs:
 
       - name: Publish packages to NuGet.org
         if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
+        env:
+          NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
+          # Request OIDC token for NuGet Trusted Publishing
+          OIDC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=api://AzureADTokenExchange" | jq -r '.value')
+
+          # Push package with OIDC token
           dotnet nuget push ./nupkg/*.nupkg \
             --source https://api.nuget.org/v3/index.json \
+            --api-key "$OIDC_TOKEN" \
             --skip-duplicate

SWEN3.Paperless.RabbitMq/RabbitMqExtensions.cs

@@ -12,6 +12,7 @@ namespace SWEN3.Paperless.RabbitMq;
 /// <summary>
 ///     <para>Use <see cref="PublishingExtensions.PublishOcrCommandAsync{T}" /> to publish OCR commands.</para>
 ///     <para>Use <see cref="PublishingExtensions.PublishOcrEventAsync{T}" /> to publish OCR events.</para>
+///     <para>Use <see cref="GenAIPublishingExtensions.PublishGenAICommandAsync{T}" /> to publish GenAI commands (e.g., summaries).</para>
 ///     <para>Use <see cref="GenAIPublishingExtensions.PublishGenAIEventAsync{T}" /> to publish GenAI events.</para>
 ///     <para>Use <see cref="IRabbitMqConsumerFactory.CreateConsumerAsync{T}" /> to create message consumers.</para>
 ///     <para>Use <see cref="PaperlessEndpointExtensions.MapOcrEventStream" /> to map OCR SSE endpoint.</para>