Add Trusted Publishing config (#2221)

Author: tarcieri

.github/workflows/publish.yml

@@ -0,0 +1,61 @@
+name: Publish to crates.io
+on:
+  push:
+    tags: [
+      "base16ct/v**",
+      "base32ct/v**",
+      "base64ct/v**",
+      "cmpv2/v**",
+      "cms/v**",
+      "const-oid/v**",
+      "crmf/v**",
+      "der/v**",
+      "gss-api/v**",
+      "mcf/v**",
+      "pem-rfc7468/v**",
+      "phc/v**",
+      "pkcs1/v**",
+      "pkcs5/v**",
+      "pkcs8/v**",
+      "pkcs12/v**",
+      "sec1/v**",
+      "serdect/v**",
+      "spki/v**",
+      "tai64/v**",
+      "x509-cert/v**",
+      "x509-ocsp/v**",
+      "x509-tsp/v**"
+    ]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    environment: publish
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v6
+      - uses: rust-lang/crates-io-auth-action@v1
+        id: auth
+
+      - name: Extract Crate Name and Version
+        run: |
+          TAG_NAME="${{ github.ref_name }}"
+          CRATE_NAME=${TAG_NAME%/v**}
+          CRATE_VERSION=${TAG_NAME##*/v}
+          echo $CRATE_NAME $CRATE_VERSION
+          echo "CRATE_NAME=${CRATE_NAME}" >> $GITHUB_ENV
+          echo "CRATE_VERSION=${CRATE_VERSION}" >> $GITHUB_ENV
+
+      - name: Check crate version
+        working-directory: ${{ env.CRATE_NAME }}
+        run: |
+          CRATE_TOML_VERSION=$(grep "^version =" Cargo.toml | cut -d'"' -f2)
+          echo $CRATE_TOML_VERSION
+          [[ $CRATE_TOML_VERSION == $CRATE_VERSION ]]
+
+      - name: Publish
+        working-directory: ${{ env.CRATE_NAME }}
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
+        run: cargo publish