fix: Remove NPM_TOKEN for OIDC auth and disable alpha branch update

- Removed NODE_AUTH_TOKEN env var from publish-npm job
  OIDC/Trusted Publishers authentication doesn't need NPM_TOKEN secret
- Commented out update-branch job since latest-alpha-cli branch doesn't exist

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.github/workflows/rust-release.yml

@@ -511,7 +511,6 @@ jobs:
         env:
           VERSION: ${{ needs.release.outputs.version }}
           NPM_TAG: ${{ needs.release.outputs.npm_tag }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           set -euo pipefail
           tag_args=()
@@ -527,21 +526,21 @@ jobs:
             npm publish "${GITHUB_WORKSPACE}/dist/npm/${tarball}" --provenance --access public "${tag_args[@]}"
           done
 
-  update-branch:
+  # update-branch:
-    name: Update latest-alpha-cli branch
+  #   name: Update latest-alpha-cli branch
-    permissions:
+  #   permissions:
-      contents: write
+  #     contents: write
-    needs: release
+  #   needs: release
-    runs-on: ubuntu-latest
+  #   runs-on: ubuntu-latest
-
+  #
-    steps:
+  #   steps:
-      - name: Update latest-alpha-cli branch
+  #     - name: Update latest-alpha-cli branch
-        env:
+  #       env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  #         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
+  #       run: |
-          set -euo pipefail
+  #         set -euo pipefail
-          gh api \
+  #         gh api \
-            repos/${GITHUB_REPOSITORY}/git/refs/heads/latest-alpha-cli \
+  #           repos/${GITHUB_REPOSITORY}/git/refs/heads/latest-alpha-cli \
-            -X PATCH \
+  #           -X PATCH \
-            -f sha="${GITHUB_SHA}" \
+  #           -f sha="${GITHUB_SHA}" \
-            -F force=true
+  #           -F force=true