ci: fix npm publish via OIDC trusted publishing

The npm CLI bundled with Node 22.x (10.9.x) does not support OIDC
trusted-publisher auth at the npm registry; that landed in npm 11.5.1.
This caused the publish job for pcloud-kit@0.1.1 to sign provenance
successfully but get a masked 404 on PUT to the registry.

- Bump actions/setup-node to v6.
- Install npm@~11.10.0 globally on the runner before publishing
  (pinned to avoid the self-upgrade bug on Node 22.22.2 — see
  npm/cli#9151).
- Switch the publish step from `pnpm publish` to `npm publish` to
  go through npm CLI's OIDC code path directly. Drop pnpm-only
  `--no-git-checks` flag.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: Belco90

.github/workflows/release-please.yml

@@ -36,12 +36,15 @@ jobs:
 
       - uses: pnpm/action-setup@v4
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: .nvmrc
           registry-url: https://registry.npmjs.org
           cache: pnpm
 
+      - name: Upgrade npm for OIDC trusted publishing
+        run: npm install -g npm@~11.10.0
+
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -52,4 +55,4 @@ jobs:
         run: pnpm build
 
       - name: Publish to npm
-        run: pnpm publish --provenance --access public --no-git-checks --ignore-scripts
+        run: npm publish --provenance --access public --ignore-scripts