Update pypa/gh-action-pypi-publish action to v1.8.8 (#275)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.7` -> `v1.8.8` |

---

### Release Notes

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.8`](https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.8)

[Compare
Source](https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8)

##### 💅 Cosmetic output impovements

- In
[https://github.com/pypa/gh-action-pypi-publish/pull/167](https://github.com/pypa/gh-action-pypi-publish/pull/167),
[@&#8203;woodruffw](https://github.com/woodruffw) introduced a
nudge-warning encoraging people to start using secretless publishing to
PyPI, as suggested by [@&#8203;sethmlarson] in
[https://github.com/pypa/gh-action-pypi-publish/issues/164](https://github.com/pypa/gh-action-pypi-publish/issues/164),
collaborating with [@&#8203;di](https://github.com/di).

*:bulb: Tip:* The OIDC-based trusted publishing integration details can
be found in the action README at
https://github.com/marketplace/actions/pypi-publish#trusted-publishing
and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/.
It's gone GA on April 20, 2023, during PyCon:
https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/.
And the Trail Of Bits blog post has some deeper explanation here:
https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.

##### 🛠️ Internal dependencies

- [@&#8203;pquentin] bumped the runtime dependency pins to the recent
versions
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/168](https://github.com/pypa/gh-action-pypi-publish/pull/168)ll/168.

##### 💪 New Contributors

- [@&#8203;pquentin](https://github.com/pquentin) made their first
contribution in
[https://github.com/pypa/gh-action-pypi-publish/pull/168](https://github.com/pypa/gh-action-pypi-publish/pull/168)

**:mirror: Full Diff**:
pypa/gh-action-pypi-publish@v1.8.7...v1.8.8

[@&#8203;pquentin]: https://github.com/sponsors/pquentin

[@&#8203;sethmlarson]: https://github.com/sponsors/sethmlarson

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/allenporter/flux-local).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi41LjMiLCJ1cGRhdGVkSW5WZXIiOiIzNi41LjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/python-publish.yaml

@@ -26,7 +26,7 @@ jobs:
     - name: Build package
       run: python -m build
     - name: Publish package
-      uses: pypa/[email protected].7
+      uses: pypa/[email protected].8
       with:
         user: __token__
         password: ${{ secrets.PYPI_API_TOKEN }}