chore(workflow): implement trusted npm publishing in GitHub Actions

- Updated the publish command in .releaserc.json to use an environment variable for the npm command, enhancing security for trusted publishing.
- Added a step in the publish-to-npm-alpha.yml workflow to resolve the trusted npm command and set it as an environment variable.

Author: mapleeit

.github/workflows/publish-to-npm-alpha.yml

@@ -24,6 +24,10 @@ jobs:
           registry-url: "https://registry.npmjs.org"
       - name: Upgrade npm for trusted publishing
         run: npm install -g npm@11.6.2
+      - name: Resolve trusted publishing npm
+        run: |
+          echo "TRUSTED_PUBLISH_NPM=$(command -v npm)" >> "$GITHUB_ENV"
+          "$(command -v npm)" --version
       - name: Show runtime versions
         run: node --version && npm --version
       - name: Install dependencies

.releaserc.json

@@ -7,7 +7,7 @@
     "@semantic-release/commit-analyzer",
     "@semantic-release/release-notes-generator",
     ["@semantic-release/npm", { "npmPublish": false }],
-    ["@semantic-release/exec", { "publishCmd": "npm publish --provenance --access public --loglevel verbose" }],
+    ["@semantic-release/exec", { "publishCmd": "\"$TRUSTED_PUBLISH_NPM\" publish --provenance --access public --loglevel verbose" }],
     "@semantic-release/github"
   ]
 }