Specify `ignore-scripts` when publishing

As noted in https://snyk.io/blog/github-actions-to-securely-publish-npm-packages/, it is insecure to allow scripts to execute at the time of publishing, so we should make sure that this configuration is applied