For our published packages, make use of Sigstore, as we are doing in other parts of the project, to provide signed provenance for the builds.
More info:
https://docs.npmjs.com/generating-provenance-statements
https://slsa.dev
https://sigstore.dev
Acceptance criteria
- Update the release GH jobs to create the release artifacts with provenance included
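
One way a release job could look once provenance is enabled, as an added example that is not this project's actual workflow. The file name, trigger, Node version and the `NPM_TOKEN` secret name are assumptions.

```yaml
# Hypothetical .github/workflows/release.yml (added example, not the project's file)
name: release

on:
  release:
    types: [published]

# Default to read-only; the publish job widens only what it needs.
permissions:
  contents: read

jobs:
  publish:
    # npm only generates provenance on a supported cloud-hosted CI runner.
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required: lets the job mint the OIDC token that Sigstore uses
      # to issue the short-lived signing certificate for the attestation.
      id-token: write
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20            # assumed; needs npm CLI 9.5.0 or newer
          registry-url: https://registry.npmjs.org

      - run: npm ci

      # Previously (no provenance):  npm publish --access public
      # --provenance makes npm build, sign and upload the provenance
      # statement alongside the package tarball.
      - run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # assumed secret name
```

After a release, running `npm audit signatures` in a project that installs the package reports whether its registry signature and provenance attestation verify.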