Don't persist credentials in pypi.yml

Ref: <https://woodruffw.github.io/zizmor/audits/#artipacked>

Author: maresb

.github/workflows/pypi.yml

@@ -30,6 +30,7 @@ jobs:
         with:
           fetch-depth: 0
           submodules: true
+          persist-credentials: false
 
       - name: Build SDist
         run: pipx run build --sdist
@@ -54,6 +55,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
       - uses: hynek/build-and-inspect-python-package@v2
 
   build_wheels:
@@ -73,6 +75,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Build wheels
         uses: pypa/[email protected]
@@ -98,6 +101,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Set up Python
         uses: actions/setup-python@v5