
Update to use trusted publishers #56

@MichaelDeBoey


Instructions by @kentcdodds

Review and modernize this repository’s GitHub Actions workflows to comply with the 2025 npm authentication and token management changes.

Focus only on updating workflow steps and permissions, not environment configuration or unrelated logic.

Specifically:

  1. Upgrade all actions/checkout steps to the latest major version (currently v5).
  2. Upgrade all actions/setup-node steps to the latest major version (currently v6).
  3. Update node-version values to lts/* for the release job and if there's a matrix in place for other jobs, use relative versions from lts. For example: [lts/-1, lts/*, latest] so we don't have to keep these versions updated in the future. If it's a single node version, then lts/* alone works.
  4. Upgrade cycjimmy/semantic-release-action to the latest major version (currently v5.0.2).
  5. Update the semantic_version input to the current major (currently 25).
  6. Remove all references to NPM_TOKEN, as npm releases now use GitHub’s OIDC authentication for provenance.
  7. Add explicit permissions to the semantic-release job:
     permissions:
       contents: write # to be able to publish a GitHub release
       id-token: write # to enable use of OIDC for npm provenance
       issues: write # to be able to comment on released issues
       pull-requests: write # to be able to comment on released pull requests

Do not modify other permissions, secrets, job logic, or environment blocks unrelated to these security and release changes.
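
The checklist above can be verified mechanically before and after the migration. The audit script below is an added example, not part of the original issue or of the repository's code; it scans workflow text line by line (no YAML parsing, and permissions are counted file-wide rather than per job), and `OLD_WORKFLOW` is a constructed sample.

```python
import re

# Minimum action majors and required permissions, taken from the issue's checklist.
MIN_MAJOR = {"actions/checkout": 5, "actions/setup-node": 6,
             "cycjimmy/semantic-release-action": 5}
REQUIRED_PERMS = {"contents", "id-token", "issues", "pull-requests"}

# Constructed sample: a pre-migration release job (not from any real repository).
OLD_WORKFLOW = """\
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - uses: cycjimmy/semantic-release-action@v4
        with:
          semantic_version: 17
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

def audit(workflow_text):
    """Return a sorted list of checklist findings for one workflow file's text."""
    findings, granted = set(), set()
    for line in workflow_text.splitlines():
        code = line.split(" #", 1)[0]  # ignore trailing YAML comments
        if "NPM_TOKEN" in code:
            findings.add("NPM_TOKEN still referenced")
        # Only tag-style refs (@vN) are checked; SHA-pinned refs are skipped.
        m = re.search(r"uses:\s*([\w./-]+)@v(\d+)", code)
        if m and int(m.group(2)) < MIN_MAJOR.get(m.group(1), 0):
            findings.add(f"{m.group(1)} below v{MIN_MAJOR[m.group(1)]}")
        m = re.search(r"semantic_version:\s*(\d+)", code)
        if m and int(m.group(1)) < 25:
            findings.add("semantic_version below 25")
        m = re.match(r"\s+([\w-]+):\s*write\s*$", code)
        if m:
            granted.add(m.group(1))
    # Permissions only matter for workflows that actually run semantic-release.
    if "semantic-release-action" in workflow_text:
        for perm in sorted(REQUIRED_PERMS - granted):
            findings.add(f"missing permission {perm}: write")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(OLD_WORKFLOW)))
```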
