chore(ci): Publish to NPM with provenance (#5835)

The release process in this repository is already automated via
GitHub Actions, which is a great first step toward creating trust in the
supply chain. Recently, NPM has started to support publishing with the
`--provenance` flag. This flag creates a link between the GitHub Actions
run that created the release and the final artifact on NPM. This linkage
further ensures that package installs can be traced back to a specific
code revision.

For more information on publishing with provenance, please refer to:
https://github.blog/2023-04-19-introducing-npm-package-provenance/

Co-authored-by: Jay <jasonsaayman@gmail.com>
Co-authored-by: Dmitriy Mozgovoy <robotshara@gmail.com>

.github/workflows/publish.yml

@@ -11,6 +11,9 @@ jobs:
   publish:
     if: github.event_name == 'workflow_dispatch' || (github.event.pull_request.merged == true && github.event.pull_request.head.label == 'axios:release')
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: "Release PR info"
         if: github.event_name != 'workflow_dispatch'
@@ -22,7 +25,7 @@ jobs:
           git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
           registry-url: https://registry.npmjs.org/
       - run: npm ci
       - name: get-npm-version
@@ -50,7 +53,7 @@ jobs:
             ${{ steps.extract-release-notes.outputs.release_notes }}
       ############# NPM RELEASE ##############
       - name: Publish the release to NPM
-        run: npm publish
+        run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
       ###### NOTIFY & TAG published PRs ######