chore(npm): Update release npm action to stop using tokens

[gnbm]

Pull request checklist

Please check if your PR fulfills the following requirements:

• Docs have been reviewed and added / updated if needed (for bug fixes / features)
• Build (npm run build) was run locally and any changes were pushed
• Tests (npm test) were run locally and passed
• Prettier (npm run prettier) was run locally and passed

Pull request type

Please check the type of change your PR introduces:

• Bugfix
• Feature
• Refactoring (no functional changes, no api changes)
• Build related changes
• Documentation content changes
• Other (please describe): Workflow configuration update

What is the current behavior?

• release.yml depended on long-lived tokens (e.g. GH_ADMIN_PAT) and calls the reusable publish action without OIDC, so it doesn’t meet npm’s trusted publishing requirements.

GitHub Issue Number: N/A

What is the new behavior?

• Granted workflow-level id-token: write, allowing GitHub to mint OIDC tokens.
• Called stenciljs/.github/actions/publish-npm@e9945bdf51e97eee158513427ecf7be3d3a80443 with only the inputs required for trusted publishing; rely on github.token for repo writes.
  • will require another one to set the right commit
• Removed custom download inputs so the reusable action handles setup consistently.

Does this introduce a breaking change?

• Yes
• No

Testing

• Workflow file validated with GitHub Actions schema (lint).
• No pipeline run executed; will monitor the first release job after the merge.

Other information

• N/A