Update workflow for npm OIDC trusted publishing with provenance

Author: caseymanos

.github/workflows/prebuild.yml

@@ -67,6 +67,11 @@ jobs:
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/v')
 
+    # Required for npm OIDC trusted publishing
+    permissions:
+      contents: read
+      id-token: write
+
     steps:
       - uses: actions/checkout@v4
 
@@ -95,7 +100,7 @@ jobs:
       - name: Build TypeScript
         run: npm run build:ts
 
-      - name: Publish to npm
-        run: npm publish --access public
+      - name: Publish to npm with provenance
+        run: npm publish --access public --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}