ci(release): add sigstore npm integration through --provenance

[adrianbatuto]

Commit to be reviewed

---

ci(release): add sigstore npm integration through --provenance

Primary Changes
----------------
1. Added provenance config to the publish workflows.

Fixes #2623

Pull Request Requirements

• [ ] Rebased onto upstream/main branch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why.
• [ ] Have git sign off at the end of commit message to avoid being marked red. You can add -s flag when using git commit command. You may refer to this link for more information.
• [ ] Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

• [ ] Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
• [ ] Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners For rebasing and squashing, here's a must read guide for beginners.

[adrianbatuto]

The config added in this PR have been tested as I published to npm using the workflows with my personal npm token. Please see the screenshots below of the two published packages with provenance.

@adrianbatuto/cactus-common

@adrianbatuto/cactus-core-api

[adrianbatuto]

@adrianbatuto Thank you! Could you please confirm that you've published the packages on the screenshots with the .github/workflows/all-nodejs-packages-publish.yaml workflow and not the other one? If no, then please double check that the mentioned workflow is working as well and then pass it back for review!

@petermetz, I was also able to publish with provenance using all-nodejs-packages-publish.yaml. https://github.com/adrianbatuto/cacti/actions/runs/11801663866