v0.1.1 — trusted publisher pipeline smoke

First release after wiring npm trust github for OIDC publishing. No code changes — exercises the GitHub Actions publish.yml path end-to-end: the workflow's id-token: write permission + npm publish --provenance --access public authenticates via OIDC against npm's trusted-publisher registration. No NPM_TOKEN involved.

Verifies: tag-driven release fires workflow → workflow checks tag matches package.json version → publishes @perryts/google-auth@0.1.1 with a provenance attestation visible on the package's npm page.