i see that registry-auth-token does find and return a token from an .npmrc file that uses the legacy unscoped approach
we should:
at minimum, provide a more helpful warning that legacy config was found and highlight which file it was found in, so the error from npm is easier for users to track down and resolve.
likely also not accept the legacy token in verifyConditions
as highlighted in https://github.com/semantic-release/npm/issues/777#issuecomment-2093613403:
we should:
verifyConditions