squidpy
Consider switching to Trusted Publishing for PyPI uploads
Squidpy still uses PyPI tokens for uploading releases:
https://github.com/scverse/squidpy/blob/7d3761f58de6729e4e2dff4ffdc650e64f0f2111/.github/workflows/deployment.yml#L36-L42
Consider switching to trusted publishing, which is nowadays the recommended way to connect to PyPI.
This confers significant usability and security advantages when compared to PyPI's traditional authentication methods:
- Usability: with trusted publishing, users no longer need to manually create API tokens on PyPI and copy-paste them into their CI provider. The only manual step is configuring the publisher on PyPI.
- Security: PyPI's normal API tokens are long-lived, meaning that an attacker who compromises a package's release token can use it until its legitimate user notices and manually revokes it. Trusted publishing avoids this problem because the tokens minted expire automatically.
For an example, see our cookiecutter.
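For illustration, here is the token-based pattern the issue describes next to a trusted-publishing equivalent. This is an added example, not squidpy's actual deployment.yml or the cookiecutter's workflow; the job name, the `PYPI_API_TOKEN` secret name and the `pypi` environment name are assumptions.

```yaml
# Added example (not squidpy's own workflow). Secret and environment names are assumed.

# Before: a long-lived API token stored as a repository secret. Anyone who obtains
# the secret can upload releases until a maintainer notices and revokes it by hand.
name: Release (token-based)
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}   # long-lived secret, the weak part

---
# After: trusted publishing. No stored secret. The job asks GitHub for a short-lived
# OIDC token and PyPI exchanges it for a publish token that expires automatically.
# The publisher (owner/repo, workflow filename, optional environment) must be
# registered once on PyPI; the values here must match that registration.
name: Release (trusted publishing)
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    environment: pypi              # must match the environment registered on PyPI
    permissions:
      id-token: write              # lets the job mint the OIDC token
      contents: read               # nothing else is needed for publishing
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      - uses: pypa/gh-action-pypi-publish@release/v1   # no password input at all
```

If the workflow filename or environment differs from what was registered on PyPI, the token exchange is rejected and the upload fails, which is the check that keeps other workflows in the repository from publishing.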