build: migrate npm publishing to OIDC trusted publishers

[chungjac]

Problem

npm has changed granular token from unlimited expiration to 90 day max limit: https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/#granular-npm-access-token-lifetime-limits

Solution

To allow us to not have to rotate token every 90 days, this pr migrates from a granular token stored in aws secrets manager to oidc authentication

Testing

For next flare release, will merge #2452 and see that workflow successfully publishes flare packges to npm

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.73%. Comparing base (11900ca) to head (bd0ed81).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2458   +/-   ##
=======================================
  Coverage   62.73%   62.73%           
=======================================
  Files         266      266           
  Lines       59697    59697           
  Branches     3842     3842           
=======================================
  Hits        37451    37451           
  Misses      22170    22170           
  Partials       76       76           

Flag	Coverage Δ
unittests	62.73% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.