switch from API tokens to OIDC for PyPI uploads (#235)

Author: slayoo

.github/workflows/tests+pypi.yml

@@ -125,6 +125,8 @@ jobs:
   dist_check:
     runs-on: ubuntu-latest
     needs: [build]
+    permissions:
+      id-token: write
     steps:
     - uses: actions/setup-python@v2
     - run: pip install twine auditwheel
@@ -146,9 +148,6 @@ jobs:
     - if: github.event_name == 'push' && github.ref == 'refs/heads/main'
       uses: pypa/gh-action-pypi-publish@master
       with:
-        password: ${{ secrets.TEST_PYPI_API_TOKEN }}
         repository_url: https://test.pypi.org/legacy/
     - if: startsWith(github.ref, 'refs/tags')
       uses: pypa/gh-action-pypi-publish@master
-      with:
-        password: ${{ secrets.PYPI_API_TOKEN }}