https://docs.pypi.org/trusted-publishers/
Saves us a manual step. Then we just need to make a tag in the UI and get a release and PyPI package.
AFAIK it's a stanza in the CI config and a single variable to set in the PyPI settings.
Cons: Mistakes on PyPI have to be marked as yanked, can't delete and re-up the same version.