chore(npm): attempt to fix issue with Trusted Publishers when using reusable workflows (#30787)

Issue number: resolves #

---------

<!-- Please do not submit updates to dependencies unless it fixes an
issue. -->

<!-- Please try to limit your pull request to one type (bugfix, feature,
etc). Submit multiple pull requests if needed. -->

## What is the current behavior?
<!-- Please describe the current behavior that you are modifying. -->
- Publishing to npm is failing due to the changes to move to Trusted
Publishers, since it seems that they still don't support reusable
workflows, as mentioned
[here](https://github.com/orgs/community/discussions/174507)
- The action to which we grant permissions on npm needs to follow a
strict path location `.github/workflows/` in your repository.

## What is the new behavior?
<!-- Please describe the behavior or changes that are being added by
this PR. -->

- Fixed permissions mismatch by applying the orchestrator method for npm
publish:

```
release-orchestrator.yml (contents: read, id-token: write)
  ├─→ nightly.yml (contents: read, id-token: write)
  │   └─→ release-ionic.yml (contents: read, id-token: write)
  │       └─→ publish-npm.yml (contents: read, id-token: write)
  ├─→ dev-build.yml (contents: read, id-token: write)
  │   └─→ release-ionic.yml (contents: read, id-token: write)
  │       └─→ publish-npm.yml (contents: read, id-token: write)
  └─→ release.yml (contents: read, id-token: write)
      └─→ release-ionic.yml (contents: read, id-token: write)
          └─→ publish-npm.yml (contents: read, id-token: write)
```

- `release-orchestrator.yml` calls three workflows: `nightly.yml`,
`dev-build.yml`, and `release.yml`.
- All three call `release-ionic.yml`, which handles publishing multiple
packages.
- `release-ionic.yml` calls `publish-npm.yml` multiple times (once per
package).
- All workflows have `contents: read` and `id-token: write` permissions.
- `publish-npm.yml` is in `.github/workflows/`, which satisfies npm
Trusted Publishers requirements.
- This shows that `publish-npm.yml` is reachable through all three
release paths, and moving it to `.github/workflows/` ensures npm Trusted
Publishers can authenticate it correctly.




## Does this introduce a breaking change?

- [ ] Yes
- [x] No

<!--
  If this introduces a breaking change:
1. Describe the impact and migration path for existing applications
below.
  2. Update the BREAKING.md file with the breaking change.
3. Add "BREAKING CHANGE: [...]" to the commit description when merging.
See
https://github.com/ionic-team/ionic-framework/blob/main/docs/CONTRIBUTING.md#footer
for more information.
-->

- Run pipelines after merge


## Other information

<!-- Any other information that is important to this PR such as
screenshots of how the component looks before and after the change. -->
- The workflow `release-orchestrator.yml` needs to be the one set up in
the npm package settings for the Trusted Publishers.
Gonçalo M.
2025-11-17 18:09:29 +00:00
committed by GitHub
parent 92db36489c
commit ecc291138e
6 changed files with 130 additions and 8 deletions

@@ -24,7 +24,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/workflows/actions/publish-npm
- uses: ./.github/workflows/publish-npm.yml
with:
scope: '@ionic/core'
tag: ${{ inputs.tag }}
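Review bot: at the changed `uses:` line under `steps:`, the new value `./.github/workflows/publish-npm.yml` is a workflow file, but a step-level `uses:` with a local path resolves to an action directory containing `action.yml`. Reusable workflows are called at job level through `jobs.<job_id>.uses`, so this step will not resolve as written. Either keep publishing as a composite action, or make each publish its own job whose `uses:` points at `./.github/workflows/publish-npm.yml`. The same applies to every other publish step changed in this file.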
@@ -55,7 +55,7 @@ jobs:
name: ionic-docs
path: ./packages/docs
filename: DocsBuild.zip
- uses: ./.github/workflows/actions/publish-npm
- uses: ./.github/workflows/publish-npm.yml
with:
scope: '@ionic/docs'
tag: ${{ inputs.tag }}
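Review bot: the publish call here follows a step that restores the `ionic-docs` artifact (`DocsBuild.zip`) into `./packages/docs`, and that ordering only works while publishing runs as a step in the same job. If `publish-npm.yml` is invoked as a reusable workflow it runs as a separate job on a fresh runner, without the checkout or the restored build output. The called workflow would need to check out the repository and download the artifact itself, with the artifact name and path passed in as inputs.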
@@ -74,7 +74,7 @@ jobs:
name: ionic-core
path: ./core
filename: CoreBuild.zip
- uses: ./.github/workflows/actions/publish-npm
- uses: ./.github/workflows/publish-npm.yml
with:
scope: '@ionic/angular'
tag: ${{ inputs.tag }}
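Review bot: the `with:` block (`scope: '@ionic/angular'`, `tag: ${{ inputs.tag }}`) is carried over unchanged from the composite action call. A reusable workflow only accepts these keys if `publish-npm.yml` declares them under `on.workflow_call.inputs` with a `type`; undeclared inputs are rejected when the workflow is validated. Please confirm both are declared there as `string`, and that anything the old action read from the job environment is now passed in explicitly.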
@@ -100,7 +100,7 @@ jobs:
name: ionic-core
path: ./core
filename: CoreBuild.zip
- uses: ./.github/workflows/actions/publish-npm
- uses: ./.github/workflows/publish-npm.yml
with:
scope: '@ionic/react'
tag: ${{ inputs.tag }}
@@ -125,7 +125,7 @@ jobs:
name: ionic-core
path: ./core
filename: CoreBuild.zip
- uses: ./.github/workflows/actions/publish-npm
- uses: ./.github/workflows/publish-npm.yml
with:
scope: '@ionic/vue'
tag: ${{ inputs.tag }}
@@ -150,7 +150,7 @@ jobs:
name: ionic-core
path: ./core
filename: CoreBuild.zip
- uses: ./.github/workflows/actions/publish-npm
- uses: ./.github/workflows/publish-npm.yml
with:
scope: '@ionic/angular-server'
tag: ${{ inputs.tag }}
@@ -176,7 +176,7 @@ jobs:
name: ionic-react
path: ./packages/react
filename: ReactBuild.zip
- uses: ./.github/workflows/actions/publish-npm
- uses: ./.github/workflows/publish-npm.yml
with:
scope: '@ionic/react-router'
tag: ${{ inputs.tag }}
@@ -201,7 +201,7 @@ jobs:
name: ionic-vue
path: ./packages/vue
filename: VueBuild.zip
- uses: ./.github/workflows/actions/publish-npm
- uses: ./.github/workflows/publish-npm.yml
with:
scope: '@ionic/vue-router'
tag: ${{ inputs.tag }}