
Improving Pypi validations by using a Trusted Publisher #592

@koletzilla

Description

Idea proposed by @mariocj89, documentation on Pypi side https://docs.pypi.org/trusted-publishers/

What is it

PyPI offers a way to publish to our PyPI account by using a "trusted third-party service", in this case GitHub Actions, instead of just using the current token-authentication way. This has some advantages:

  • Usability: with Trusted Publishing, users no longer need to manually create API tokens on PyPI and copy-paste them into their CI provider. The only manual step is configuring the publisher on PyPI.
  • Security: PyPI's normal API tokens are long-lived, meaning that an attacker who compromises a package's release token can use it until its legitimate user notices and manually revokes it. Trusted Publishing avoids this problem because the tokens minted expire automatically.

This should help with the amount of Verified details that PyPI can check in our project. Right now it only verifies the number of Maintainers, but for example it doesn't validate the project links. To view an example of this, you can compare both Verified details sections in the left column for dbt-clickhouse and another repository like dbt-adapters.

Labels: enhancement (New feature or request)