chore: adds release environment to npm publish workflow (#248)

NPM package publishing will be migrated to use Trusted Publishing (via
OIDC).

To ensure security and restrict access, we will configure the OIDC token
request to only be available to jobs running in the dedicated 'release'
environment. This environment will be a required condition for obtaining
the necessary NPM token.

Author: jwndlng

.github/workflows/publish-frontend.yml

@@ -9,6 +9,7 @@ on:
 jobs:
   publish:
     if: startsWith(github.ref, 'refs/tags/frontend/@dfinity/vetkeys/')
+    environment: release
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -42,11 +43,11 @@ jobs:
             exit 1
           fi
       - run: |
-          npm install
+          npm ci
           cd frontend/ic_vetkeys
           npm list
           npm run build
           npm audit
           npm publish --provenance --access public
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}