Change to npm trusted publish bey default

[fengmk2]

Use env to set npm token is not safe, see https://socket.dev/blog/nx-packages-compromised

https://docs.npmjs.com/trusted-publishers

[fengmk2]

There is a chicken and egg problem here. npm needs to have a package before it can be changed to trusted publish. 😭