feat: npm trust command

[reggi]

Introducing npm trust 🎉

A new command / set of registry api endpoints that allows a user to add, remove and check the Trusted configurations between npm's registry and Trusted Publishers.

This command will allow maintainers to have a mechanism for managing their configurations outside of the npm website.

A lot of maintainers have mentioned how they'd like to be able to set Trusted Publishing "in bulk" and this solution allows maintainers to setup a simple bash script to loop over and set these configurations for many packages / repositories quickly.

These commands will require two-factor auth, it's not based on package access settings, or your account having 2fa enabled. The two-factor confirmation page will have the 2fa "cooldown" checkbox like npm publish which will allow you to not have to re-enter the 2fa for this endpoint for a set amount of time for a given IP address.

$ npm trust --help
Create a trusted relationship between a package and a OIDC provider

Usage:
npm trust

Subcommands:
  github
    Create a trusted relationship between a package and GitHub Actions

  gitlab
    Create a trusted relationship between a package and GitLab CI/CD

  list
    List trusted relationships for a package

  revoke
    Revoke a trusted relationship for a package

Run "npm trust <subcommand> --help" for more info on a subcommand.

Run "npm help trust" for more info