Use NuGet Trusted Publishing

[martincostello]

Switch to using GitHub OIDC for pushing packages to NuGet.org with Trusted Publishing.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.59%. Comparing base (8845dcd) to head (12ca4bf).
⚠️ Report is 7 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1019   +/-   ##
=======================================
  Coverage   98.59%   98.59%           
=======================================
  Files          16       16           
  Lines         284      284           
  Branches       37       37           
=======================================
  Hits          280      280           
  Misses          2        2           
  Partials        2        2           

Flag	Coverage Δ
linux	98.59% <ø> (ø)
macos	98.59% <ø> (+0.70%)	⬆️
windows	98.59% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Copilot]

Pull Request Overview

This PR migrates the NuGet package publishing workflow from API key authentication to GitHub OIDC Trusted Publishing for enhanced security.

• Adds OIDC token permissions and NuGet login action for trusted publishing
• Replaces static API key secret with dynamically generated token from login step
• Maintains existing package publishing logic while improving authentication security

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}