Add new npm publish switch workflow

With the trusted publisher model, npm now allows only a single workflow
to be registered as the trusted publisher. But this workflow can then
invoke other workflows, which may do the actual publishing.
https://docs.npmjs.com/trusted-publishers

So the new `npm-publish-switch.yml` workflow will act as a switch which:

- If run on main branch as a result of a push, will check try to
  automatically release a new version
- Can be run directly to explicitly publish a new version to npm (which
  only makes sense when running it on a branch apart from main, because
  there the auto-publish workflow will take care of it)

The idea of this setup is also shown in
https://github.com/orgs/community/discussions/174507#discussioncomment-14723818

Because trusted publishing requires npm CLI version 11.5.1 or later, 
this currently also means, that we have to update npm before running 
`npm publish`.

Additionally `npm-publish-switch.yml` also needs to be registered as the 
trusted publisher in the npm settings for the pc-nrfconnect-shared 
package.

Author: datenreisender

.github/workflows/auto-publish-shared.yml

@@ -1,8 +1,6 @@
 name: Auto-publish shared
 
-on:
-    push:
-        branches: [main]
+on: workflow_call
 
 jobs:
     check:

.github/workflows/npm-publish-switch.yml

@@ -0,0 +1,39 @@
+name: Release shared
+
+# With the trusted publisher model, npm now allows only a single workflow to
+# be registered as the trusted publisher. But this workflow can then invoke
+# other workflows, which may do the actual publishing.
+
+# So this workflow will act as a switch which:
+# - If run on main branch as a result of a push, will check try to
+#   automatically release a new version
+# - Can be run directly to explicitly publish a new version to npm (which only
+#   makes sense when running it on a branch apart from main, because there the
+#   auto-publish workflow will take care of it)
+#
+# The idea of this setup is also shown in
+# https://github.com/orgs/community/discussions/174507#discussioncomment-14723818
+
+on:
+    push:
+        branches: [main]
+    workflow_dispatch:
+        inputs:
+            ref:
+                description:
+                    Ref (Tag, branch, commit SHA) to release. Defaults to from
+                    where the workflow is triggered, usually the main branch.
+                required: false
+                type: string
+
+jobs:
+    auto-publish:
+        if: ${{ github.event_name == 'push' }}
+        uses: ./.github/workflows/auto-publish-shared.yml
+        secrets: inherit
+
+    explicit-publish:
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        uses: ./.github/workflows/release-shared.yml
+        with:
+            ref: ${{ inputs.ref }}

.github/workflows/release-shared.yml

@@ -1,15 +1,14 @@
 name: Release shared
 
 on:
-    workflow_dispatch:
+    workflow_call:
         inputs:
             ref:
                 description:
                     Ref (Tag, branch, commit SHA) to release. Defaults to from
                     where the workflow is triggered, usually the main branch.
                 required: false
                 type: string
-    workflow_call:
 
 jobs:
     release:
@@ -36,6 +35,7 @@ jobs:
                     exit 1
                   fi
 
+            - run: npm install --global npm@latest
             - run: npm ci
             - run: npm run check
             - run: npm test