ci(wheels): Use new pypi "trusted publisher" workflow

No PYPI_API_TOKEN secret needed -- see https://docs.pypi.org/trusted-publishers/using-a-publisher/

Signed-off-by: Zach Lewis <[email protected]>

.github/workflows/wheel.yml

@@ -301,6 +301,8 @@ jobs:
   upload_pypi:
     needs: [sdist, linux, macos, windows]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/v')
     steps:
       - uses: actions/setup-python@v5
@@ -311,7 +313,4 @@ jobs:
           path: dist
           merge-multiple: true
 
-      - uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
+      - uses: pypa/gh-action-pypi-publish@release/v1