ci: switch NPM publishing to Trusted Publishing (OIDC)

Replace static NPM_TOKEN with OIDC-based authentication for improved
security. This uses NPM's Trusted Publishing feature which:
- Eliminates need for long-lived tokens
- Provides provenance attestation
- Is the recommended approach by npm

Requires configuring Trusted Publishing in npm package settings:
- Repository owner: czlonkowski
- Repository name: n8n-mcp
- Workflow filename: release.yml

Conceived by Romuald Członkowski - www.aiadvisors.pl/en

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.github/workflows/release.yml

@@ -308,6 +308,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: [detect-version-change, build-and-verify, create-release]
     if: needs.detect-version-change.outputs.version-changed == 'true'
+    permissions:
+      contents: read
+      id-token: write  # Required for NPM Trusted Publishing (OIDC)
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -393,9 +396,7 @@ jobs:
           max_attempts: 3
           command: |
             cd npm-publish-temp
-            npm publish --access public
+            npm publish --access public --provenance
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
       
       - name: Clean up
         if: always()