Avoid sharing npm draft artifacts between workflows

[klutchell]

There are various security exploits when downloading artifacts from a previous workflow:

• https://0xn3va.gitbook.io/cheat-sheets/ci-cd/github/actions#artifact-poisoning
• https://www.legitsecurity.com/blog/github-actions-that-open-the-door-to-cicd-pipeline-attacks

Flowzone only uses this action for one job, npm finalize. If we can finalize in some way that does not require downloading artifacts from a previous run that would be much more secure.