Feature Type

  • [ ] Adding new functionality to pandas

  • [ ] Changing existing functionality in pandas

  • [ ] Removing existing functionality in pandas

Problem Description

I would like to audit the pandas wheel easily.

Feature Description

Trusted publishing (with attestations) means I can know for certain that what I download from PyPI is the same artefact which was generated in GitHub CI, meaning that what I see in GitHub is the same as what is installed - handy for auditing (rather than having to manually review all of the installed files on each release).

See the Python packaging documentation, the PyPI documentation, and the official pypi-publish GitHub action documentation on trusted publishing - you'll need to configure an environment in PyPI and GitHub.

Alternative Solutions

Manually review all of the installed files on each release

Additional Context

No response
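The audit check this request is after, as an added example that is not part of the original issue and is not pandas or PyPI code: given a provenance object laid out as in PEP 740, confirm the attested subject matches the downloaded file's SHA-256 and that the publisher is the expected GitHub repository. It checks the bindings only and does not verify the Sigstore signature, which a complete verifier must do first. The publisher field names, the helper names and all sample values are assumptions constructed for the demo.

```python
import base64
import hashlib
import json

def make_constructed_provenance(filename, data, repo):
    """Build a sample provenance object (constructed, unsigned) for the demo."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": filename, "digest": {"sha256": hashlib.sha256(data).hexdigest()}}],
        "predicateType": "https://docs.pypi.org/attestations/publish/v1",
        "predicate": None,
    }
    envelope = {"statement": base64.b64encode(json.dumps(statement).encode()).decode(),
                "signature": "CONSTRUCTED-PLACEHOLDER"}
    return {"version": 1, "attestation_bundles": [{
        "publisher": {"kind": "GitHub", "repository": repo},  # assumed field layout
        "attestations": [{"version": 1, "envelope": envelope}],
    }]}

def check_provenance(provenance, filename, data, expected_repo):
    """Return a list of problems; an empty list means every binding matched."""
    digest = hashlib.sha256(data).hexdigest()
    bundles = provenance.get("attestation_bundles") or []
    if not bundles:
        return ["no attestation bundles for this file"]
    problems = []
    for bundle in bundles:
        publisher = bundle.get("publisher") or {}
        if (publisher.get("kind"), publisher.get("repository")) != ("GitHub", expected_repo):
            problems.append(f"unexpected publisher: {publisher}")
        attestations = bundle.get("attestations") or []
        if not attestations:
            problems.append("bundle carries no attestations")
        for att in attestations:
            statement = json.loads(base64.b64decode(att["envelope"]["statement"]))
            matched = any(
                s.get("name") == filename and (s.get("digest") or {}).get("sha256") == digest
                for s in statement.get("subject", [])
            )
            if not matched:
                problems.append("attestation subject does not match the downloaded file")
    return problems

# Constructed sample data, not a real pandas release.
SAMPLE_NAME = "example_pkg-1.0-py3-none-any.whl"
SAMPLE_WHEEL = b"constructed wheel bytes"
SAMPLE_REPO = "example-org/example-pkg"
SAMPLE = make_constructed_provenance(SAMPLE_NAME, SAMPLE_WHEEL, SAMPLE_REPO)
```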