Switch to trusted publishing for PyPI publish in CI (#110)

Author: EpicWink

.github/workflows/ci.yml

@@ -199,6 +199,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [tests, release]
     if: success() && startsWith(github.ref, 'refs/tags/v')
+    environment:
+      name: pypi
+      url: https://pypi.org/p/rendercanvas
+    permissions:
+      contents: write
+      id-token: write
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python
@@ -222,5 +228,4 @@ jobs:
     - name: Publish to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        user: __token__
-        password: ${{ secrets.PYPI_PASSWORD }}
+        print-hash: true