[Feature] Support OIDC auth for CircleCI in yarn npm publish #7074

@blimmer

  • I'd be willing to implement this feature (contributing guide)
  • This feature is important to have in this repository; a contrib plugin wouldn't do

Describe the user story

As a developer using CircleCI for CI/CD, I want to use npm trusted publishers (OIDC) with yarn npm publish, but the current OIDC implementation only supports GitHub Actions and GitLab CI.

npm recently added CircleCI as a supported trusted publisher provider (docs), and the npm CLI already supports it in lib/utils/oidc.js (checking ciInfo.CIRCLE). Since Yarn's OIDC implementation was adapted from the npm CLI, it should be updated to match upstream's provider support.

Describe the solution you'd like

In packages/plugin-npm/sources/npmHttpUtils.ts, the getOidcToken function should check for the CIRCLECI environment variable in addition to GITLAB_CI. CircleCI uses the same NPM_ID_TOKEN environment variable convention as GitLab, so the change is minimal:

  if (process.env.GITLAB_CI) {
    idToken = process.env.NPM_ID_TOKEN || null;
- } else if (process.env.GITHUB_ACTIONS) {
+ } else if (process.env.CIRCLECI) {
+   idToken = process.env.NPM_ID_TOKEN || null;
+ } else if (process.env.GITHUB_ACTIONS) {
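
Review bot: The added `else if (process.env.CIRCLECI)` branch repeats the body of the `GITLAB_CI` branch directly above it, so the two copies can drift apart later; consider folding them into a single condition, `if (process.env.GITLAB_CI || process.env.CIRCLECI)`, with a short comment that both providers supply the token through NPM_ID_TOKEN. A second comment on that branch noting that CircleCI has no provenance support would document why nothing else is set there. Both checks are truthiness tests on environment variables, so they only select where the token is read from, and an unset NPM_ID_TOKEN still yields null on either path.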

Note: The upstream npm CLI notes that CircleCI doesn't support provenance yet, so the auto-provenance logic in #7017 / #7018 should skip CircleCI (which it naturally would since there's no visibility env var to check).

Describe the drawbacks of your solution

None that I can see — this is a straightforward extension of existing behavior to a newly supported provider. The CIRCLECI env var is well-documented and stable.

Describe alternatives you've considered

A plugin-based approach was mentioned in the original OIDC PR review, but since GitHub Actions and GitLab are already handled inline, adding CircleCI in the same manner is consistent with the current design.
