Add GitHub Actions workflow for NuGet trusted publishing

This workflow builds, tests, and publishes the NuGet package using
OIDC-based trusted publishing instead of long-lived API keys.

The publish job requires the 'nuget' environment which can be
configured with required reviewers for release approval.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: oschwald

.github/workflows/release.yml

@@ -0,0 +1,69 @@
+name: Build and publish to NuGet
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+  release:
+    types:
+      - published
+
+permissions: {}
+
+jobs:
+  build:
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          submodules: true
+          persist-credentials: false
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: |
+            8.0.x
+            9.0.x
+            10.0.x
+
+      - name: Build
+        run: dotnet build -c Release
+
+      - name: Run tests
+        run: dotnet test -c Release
+        env:
+          MAXMIND_TEST_BASE_DIR: ${{ github.workspace }}/MaxMind.Db.Test
+
+      - name: Pack
+        run: dotnet pack -c Release MaxMind.Db/MaxMind.Db.csproj
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v5
+        with:
+          name: nuget-packages
+          path: MaxMind.Db/bin/Release/*.nupkg
+
+  publish:
+    needs: build
+    runs-on: windows-latest
+    environment: nuget
+    permissions:
+      id-token: write
+    if: github.event_name == 'release' && github.event.action == 'published'
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v6
+        with:
+          name: nuget-packages
+          path: packages
+
+      - name: NuGet login
+        uses: nuget/login@v1
+        with:
+          user: maxmind
+
+      - name: Push to NuGet
+        run: dotnet nuget push packages/*.nupkg --api-key "${{ env.NUGET_API_KEY }}" --source https://api.nuget.org/v3/index.json