Use npm OIDC trusted publishing instead of NPM_TOKEN

- Upgrade to Node 22 and npm@latest (11.5.1+ required for OIDC)
- Remove --provenance flag (automatic with OIDC)
- Remove NPM_TOKEN dependency

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: naveensky

.github/workflows/npm-publish.yml

@@ -3,7 +3,7 @@ name: Publish to NPM
 on:
   push:
     branches:
-      - main
+      - npm-publish
 
 permissions:
   id-token: write   # Required for npm provenance (OIDC)
@@ -20,9 +20,12 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           registry-url: 'https://registry.npmjs.org'
 
+      - name: Update npm for OIDC support
+        run: npm install -g npm@latest
+
       - name: Install dependencies
         run: npm install
 
@@ -49,4 +52,4 @@ jobs:
 
       - name: Publish to NPM
         if: steps.version-check.outputs.should_publish == 'true'
-        run: npm publish --access=public --provenance
+        run: npm publish --access=public