chore: Enable supply chain security through npm provenance attestation

[pupapaik]

Description

• Configure GitHub Actions workflow for secure publishing
• Enable automatic provenance generation during npm publish
• Add integrity verification through Sigstore transparency logs

Following the recent Lottie-Player supply chain attack, it's crucial to enhance package security. NPM provenance provides cryptographic proof that this package was built from this repository using GitHub Actions, making supply chain attacks significantly harder. More info in my blog post https://medium.com/exaforce/npm-provenance-the-missing-security-layer-in-popular-javascript-libraries-b50107927008

Specific Changes proposed

Changes the workflow github to publish provenance attestation on https://www.npmjs.com/package/video.js

Requirements Checklist

• Feature implemented in CI/CD
• If necessary, more likely in a feature request than a bug fix
  • Change has been verified in an actual browser (Chrome, Firefox, IE)
  • Unit Tests updated or fixed
  • Docs/guides updated
  • Example created (starter template on JSBin)
  • [ x Has no DOM changes which impact accessiblilty or trigger warnings (e.g. Chrome issues tab)
  • Has no changes to JSDoc which cause npm run docs:api to error
• Reviewed by Two Core Contributors

[welcome]

💖 Thanks for opening this pull request! 💖

Things that will help get your PR across the finish line:

• Run npm run lint -- --errors locally to catch formatting errors earlier.
• Include tests when adding/changing behavior.
• Include screenshots and animated GIFs whenever possible.

We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.72%. Comparing base (19ca3f2) to head (9c08cd8).
Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8911   +/-   ##
=======================================
  Coverage   83.72%   83.72%           
=======================================
  Files         120      120           
  Lines        8110     8110           
  Branches     1949     1949           
=======================================
  Hits         6790     6790           
  Misses       1320     1320           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pupapaik]

any update? Do you guys want to merge it?

[adrums86]

Sorry for the delay @pupapaik, working through getting a minor version of VJS out today. Merging this now. Thanks for your contribution!

[welcome]

Congrats on merging your first pull request! 🎉🎉🎉