Add trusted_publishing via Pypi

[michaelfeil]

Benefit: If someone submits a PR, they cannot steal the PYPI_TOKEN
Closes #84

Adapted from:
https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing

There are some steps that the admin of this repo need to do. Both are UI actions.

TODO:

1. Pypi.org Follow pypi guide https://docs.pypi.org/trusted-publishers/adding-a-publisher/

This should roughly do it

- owner "sarugaku"
- repository name "shellingham"
- workflow "publish.yml"
- environment name "pypi" # The name of environment in the yaml needs to match the name of the github UI and what you put on pypi

2. Github.com Create a environment named "pypi" in github UI under environments.
   Below a screenshot of project github.com/michaelfeil/infinity and added e.g. me as Required Reviewer (e.g. if someone else pushes a tag to my repo, this stalls the github CI, and I get a notification to approve the publish.yml workflow)
   

[michaelfeil]

@uranusjr

[uranusjr]

Alright I think I’ve set things up… Let’s see next time we need to release something. Thanks a lot!