feat: add npm trusted publishing with OIDC authentication

[ls-ramos]

Success criteria

• Packages can be published to npm using OIDC authentication (trusted publishing)
• No long-lived npm tokens are required in GitHub secrets
• Provenance attestations are automatically generated for published packages
• New publish workflow triggers on push to main branch

How to test

1. Configure trusted publisher on npmjs.com for this package:
   • Organization: Cognigy
   • Repository: SocketClient
   • Workflow filename: publish.yml
2. Merge this PR and push to main
3. Verify the package is published successfully without npm tokens

Security

• Possible injection vector
• Authentication/Access controls touched
• Sensitive Data could be exposed
• XSS
• Logging/Monitoring touched
• Exchanges data with external systems
• No security implications

Additional considerations

• This PR might have performance implications

Documentation Considerations

These are hints for the documentation team to help write the docs.

[graymalkin77]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Copilot]

Pull request overview

This PR introduces automated npm package publishing using OIDC-based trusted publishing, eliminating the need for long-lived npm authentication tokens stored in GitHub secrets.

Changes:

• Added a new GitHub Actions workflow that publishes to npm on pushes to the main branch
• Configured OIDC authentication for secure, token-free publishing
• Enabled automatic provenance attestation generation for published packages

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.