[docs] Add 2FA requirements for publishing private packages

Author: shmam

content/packages-and-modules/contributing-packages-to-the-registry/creating-and-publishing-private-packages.mdx

@@ -81,6 +81,16 @@ npm install my-package
 
 By default, scoped packages are published with private visibility.
 
+<Note>
+
+**Important:** Before you can publish, you must have either:
+- [Two-factor authentication (2FA)][config-2fa] enabled on your account, OR
+- A [granular access token with bypass 2FA enabled][creating-token] (required for CI/CD workflows)
+
+For more information, see "[Requiring 2FA for package publishing][requiring-2fa]."
+
+</Note>
+
 1. On the command line, navigate to the root directory of your package.
 
    ```
@@ -109,3 +119,6 @@ For more information on the `publish` command, see the [CLI documentation][cli-p
 [cli-publish]: /cli/publish
 [reg-config]: configuring-your-registry-settings-as-an-npm-enterprise-user#using-npmrc-to-manage-multiple-profiles-for-different-registries
 [pii]: https://en.wikipedia.org/wiki/Personally_identifiable_information
+[config-2fa]: /configuring-two-factor-authentication
+[creating-token]: /creating-and-viewing-access-tokens
+[requiring-2fa]: /requiring-2fa-for-package-publishing-and-settings-modification