Update Python publish workflow for releases

Trigger workflow on published releases instead of created. Add permissions for id-token, specify environment, and update job naming for clarity. Remove explicit PyPI credentials in favor of improved security practices.

Author: BattlefieldDuck

.github/workflows/python-publish.yml

@@ -5,27 +5,34 @@ name: Upload Python Package
 
 on:
   release:
-    types: [created]
+    types: [published]
 
-jobs:
-  deploy:
+permissions:
+  contents: read
+  id-token: write
 
+jobs:
+  publish:
     runs-on: ubuntu-latest
+    environment:
+      name: release
+      url: https://pypi.org/p/opengsq
 
     steps:
     - uses: actions/checkout@v5
+
     - name: Set up Python
       uses: actions/setup-python@v6
       with:
         python-version: '3.x'
+
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
         pip install build
+
     - name: Build package
       run: python -m build
+
     - name: Publish package
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_API_TOKEN }}