Move .npmrc write out of actions

[CobyPear]

What changes were made?

• Add registry string to .npmrc
• Remove write of .npmrc from the Actions workflows
• Add NPM_TOKEN to action env to be read by the .npmrc during the action

Where were the changes made?

.npmrc and GitHub actions workflows

How have the changes been tested?

If the .npmrc is completely missing from the repo, it will be created by the changeset "Canary version" action. This commits that file back to the repo with our secret exposed. This is a problem! I have just tested another canary release with a blank .npmrc which seems to prevent the exposed secret issue, however it does not seem to work for the actual publish.

This change should make sure that

1. the npmrc is already in the repo so it should not need to be created during the changeset action
2. the token is not written at all during CI, it is instead read from a secret env var. This should prove a bit safer in the long run in case something like this happens again.

Additional information

I followed this comment and their repo for this fix: changesets/action#98 (comment)

Don't forget to add a changeset if needed!

[changeset-bot]

⚠️ No Changeset found

Latest commit: dfca75c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR