Activate trusted publishing

[maurerle]

Publishing CI did show the following warning

Warning: The workflow was run with the 'attestations: true' input, but an explicit password was also set, disabling Trusted Publishing. As a result, the attestations input is ignored.
Warning: Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers
Warning: A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):
- https://pypi.org/manage/project/mango-agents/settings/publishing/?provider=github&owner=OFFIS-DAI&repository=mango&workflow_filename=publish-mango.yml

It's not required, but it makes sense to enable this, as trusted publishing also adds verified signatures on pypi: https://blog.pypi.org/posts/2024-11-14-pypi-now-supports-digital-attestations/