Update autodeploy to use OIDC

This replaces the need for API tokens in PyPI,
which is both the more modern approach
and less tied to individual accounts.

Author: sserita

.github/workflows/autodeploy.yml

@@ -70,6 +70,9 @@ jobs:
     needs: [build_wheels, build_sdist]
     runs-on: ubuntu-latest
     if: github.event_name == 'release' && github.event.action == 'published'
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     steps:
       - uses: actions/download-artifact@v4
         with:
@@ -79,7 +82,5 @@ jobs:
 
       - name: Publish package on PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
-          verbose: true
+        # With the use of OIDC, API tokens are no longer needed
+        # See https://docs.pypi.org/trusted-publishers/using-a-publisher/ for more info