Mitigate the PyPI API token #435

@maresb

(See also: pymc-devs/pytensor#1306)

Description

There's currently an API token for PyPI in the secrets that we're no longer using since we migrated to trusted publishing in #409. (Project admins can see the token here.)

While we could and should delete this token from this repo's secrets, it would be much better if we could deactivate the token first. (Otherwise there's a perpetual risk that the token unexpectedly exists somewhere and could still be compromised.)

I can see that this token is associated with @fonnesbeck's account, so I'd recommend disabling that token (as well as ensuring that all other projects are migrated to trusted publishing and deleting those tokens too).
