ci: migrate PyPI release to trusted publishing

[bhimrazy]

What does this PR do?

Migrates the PyPI release workflow from token-based authentication to OIDC trusted publishing, aligning with the release pattern used in related Lightning repositories.

• Publishes to PyPI using OIDC (permissions: id-token: write) instead of the pypi_password secret
• Uploads built distributions to the GitHub Release page
• Pins release workflow actions to commit SHAs for supply-chain security

Pre-requisite before merging: configure a trusted publisher on the LitServe PyPI project

ref pr: Lightning-AI/litData#827

PR review

Anyone in the community is free to review the PR once the tests have passed.
If we did not discuss your PR in GitHub issues there is a high chance it will not be merged.

Did you have fun?

Make sure you had fun coding 🙃

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85%. Comparing base (aaed44c) to head (149665a).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@         Coverage Diff         @@
##           main   #709   +/-   ##
===================================
  Coverage    85%    85%           
===================================
  Files        39     39           
  Lines      3282   3282           
===================================
  Hits       2778   2778           
  Misses      504    504           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.