Update workflow to use PyPI Trusted Publisher framework

References:
* https://docs.pypi.org/trusted-publishers/using-a-publisher/
* https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds

Signed-off-by: Alex Nelson <alexander.nelson@nist.gov>

Author: ajnelson-nist

.github/workflows/ci.yml

@@ -58,9 +58,13 @@ jobs:
         run: |
           poetry build
 
-      # Only push to PyPi when a tag is created starting with 'v'
+  pypi-publish:
+    needs: build
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      # https://docs.pypi.org/trusted-publishers/using-a-publisher/
+      id-token: write
+    steps:
       - name: Push to PyPi
-        if: startsWith(github.ref, 'refs/tags/v')
-        run: |
-          poetry config pypi-token.pypi ${{ secrets.PYPI_TOKEN }}
-          poetry publish
+        uses: pypa/gh-action-pypi-publish@release/v1