Remove API token secrets, use trusted publishing only

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: Cursor

.github/workflows/publish.yml

@@ -62,10 +62,6 @@ jobs:
 
       - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          # Uses trusted publishing (OIDC) - no API token needed if configured
-          # Fallback to API token if trusted publishing not set up
-          password: ${{ secrets.PYPI_API_TOKEN }}
 
   publish-to-testpypi:
     name: Publish to TestPyPI
@@ -91,4 +87,3 @@ jobs:
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
           repository-url: https://test.pypi.org/legacy/
-          password: ${{ secrets.TEST_PYPI_API_TOKEN }}