feat: enable npm OIDC trusted publisher with provenance

Add id-token permission and configure registry URL for npm OIDC authentication. Enable NPM_CONFIG_PROVENANCE to generate package attestations linked to this GitHub Actions workflow.

Author: jonluca

.github/workflows/CI-CD.yaml

@@ -107,11 +107,15 @@ jobs:
     needs:
       - node_tests
       - browser_tests
+    permissions:
+      contents: write
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
           node-version: lts/*
+          registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
         run: yarn install --frozen-lockfile
@@ -124,3 +128,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true