Figure out if we'd like to use trusted publishing for crates.io

[poljar]

The Rust package registry recently added support for something they call trusted-publishing.

This avoids the usage of long-lived secrets to upload packages to crates.io. Additionally it uniquely identifies the workflow which uploaded the package.

Might be neat to set this up for the WASM bindings since we do our plublishing using github actions.