Update release pipeline for trusted publishing (#798)

Author: viceroypenguin

.github/workflows/release.yml

@@ -6,11 +6,11 @@ on:
     tags:
       - '**'
 
-permissions:
-  contents: write
-
 jobs:
   release:
+    permissions:
+      id-token: write # enable GitHub OIDC token issuance for this job
+      contents: write # enable github releases
 
     runs-on: ubuntu-latest
 
@@ -38,8 +38,15 @@ jobs:
 
     - name: Package 
       run: dotnet pack -c Release --no-build --property:PackageOutputPath=../../nupkgs
+
+    - name: NuGet login (OIDC → temp API key)
+      uses: NuGet/login@v1
+      id: login
+      with:
+        user: viceroypenguin
+
     - name: Push to Nuget
-      run: dotnet nuget push "./nupkgs/*.nupkg" --source "https://api.nuget.org/v3/index.json" --api-key ${{ secrets.NUGETPUBLISHKEY }}
+      run: dotnet nuget push "./nupkgs/*.nupkg" --source "https://api.nuget.org/v3/index.json" --api-key ${{ steps.login.outputs.NUGET_API_KEY }}
 
     - name: Create Release
       uses: ncipollo/release-action@v1