Enable Provenance for NPM Package Publishing #1260

@dipakparmar

Hi team 👋,

Could you please enable Provenance for the axe-core-npm package when publishing to NPM?

Provenance provides signed, verifiable build metadata that improves supply-chain security and aligns with best practices recommended for open-source packages. Enabling it is straightforward in GitHub Actions.

Reference implementation and discussion:
lerna/lerna#3657 (comment)

This would help downstream consumers (including us) validate package integrity and origin.

Happy to submit a PR, if all good.

Thanks!
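
An added example, not part of the original issue and not this repository's workflow: a minimal GitHub Actions publish job with provenance enabled. The file name, trigger, Node version and the `NPM_TOKEN` secret name are assumptions, and the job assumes the package is published with a plain `npm publish`.

```yaml
# Hypothetical .github/workflows/publish.yml (added example, not the project's workflow)
name: publish

on:
  release:
    types: [published]        # assumed trigger

permissions:
  contents: read              # workflow default: read-only

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write         # allows the job to request the OIDC token used to sign the provenance statement
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20    # ships an npm new enough for --provenance (npm 9.5.0 or later)
          registry-url: https://registry.npmjs.org
      - run: npm ci
      # Setting NPM_CONFIG_PROVENANCE=true in the environment is the
      # config-level equivalent of passing the --provenance flag.
      - run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # assumed secret name
```

The only security-relevant grant beyond a normal publish job is `id-token: write`, scoped to the publishing job rather than the whole workflow. Consumers can then check the attestations of installed packages with `npm audit signatures`.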
