build and upload to PyPI

[wollew]

This should fix #565, once PyPI setup is complete. What it does:

In the CI workflow:

• Tests run for Python 3.11 .. 3.14
• It removes the "build" job in ci.yml which as far as I understand did not build anything at all really.
• Trigger a secondary workflow in case a tag triggered the CI run

Introduce a secondary publish.yml workflow:

• runs on published releases and triggered by CI workflow on tags
• Build packages as described in https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#workflow-definition
• To build it uses Python '3.x' which is specified as "latest stable version of Python" (c.f. https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md)
• The build result is published to TestPyPI for tag builds. This will fail for subsequent builds with the same version number once a version was successfully built and published, so you might want to disable/remove this job once it is confirmed that everything is working.
• The build result is published to PyPI for releases created through github. The docs state that manual approval is needed for the "pypi" environment, I don't know how that exactly looks like because I couldn't test for obvious reasons, my repo just tried the upload (EDIT: as far as I understand it this is only a process requirement, not a technical one).

Steps necessary on PyPI & TestPyPI (separate accounts!): Just follow the instructions on the above mentioned page , this should be it?!

One more thing: the reason for separating this out into a second workflow are security related, you grant access to a specific workflow on the PyPI side, so this should not be the general CI workflow.