feat: enable release attestation through GitHub Actions (#1651)

Author: MichaelSun90

.github/workflows/release.yml

@@ -8,6 +8,11 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
     steps:
     - uses: actions/[email protected]
 
@@ -16,7 +21,8 @@ jobs:
       with:
         node-version: 18
         cache: 'npm'
-
+    - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+      run: npm audit signatures
     - name: Tag latest release
       run: |
         echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc