fix(#1440): Support NPM OIDC tokens by not exporting default NODE_AUTH_TOKEN

This change addresses issue #1440 where NPM OIDC authentication was broken
because the action was exporting a fake NODE_AUTH_TOKEN value by default.

NPM OIDC requires NODE_AUTH_TOKEN to either be unset or empty for proper
authentication. The fix only exports NODE_AUTH_TOKEN if it was explicitly
set by the user, allowing OIDC to work while maintaining backward compatibility
for users who explicitly provide tokens.

BREAKING CHANGE: Users who rely on the fake default token should now explicitly
provide NODE_AUTH_TOKEN in their workflows or use OIDC authentication.

Fixes #1440
Related: https://github.com/actions/setup-node/issues/1440

__tests__/authutil.test.ts

@@ -118,6 +118,24 @@ describe('authutil tests', () => {
     expect(process.env.NODE_AUTH_TOKEN).toEqual('foobar');
   });
 
+  it('should not export NODE_AUTH_TOKEN if not set (OIDC support)', async () => {
+    // Clean NODE_AUTH_TOKEN from environment
+    delete process.env.NODE_AUTH_TOKEN;
+    await auth.configAuthentication('https://registry.npmjs.org/');
+    expect(fs.statSync(rcFile)).toBeDefined();
+    // NODE_AUTH_TOKEN should not be exported to environment if not initially set
+    // This allows OIDC authentication to work properly
+    const rc = readRcFile(rcFile);
+    expect(rc['registry']).toBe('https://registry.npmjs.org/');
+  });
+
+  it('should export empty string NODE_AUTH_TOKEN if explicitly set to empty (OIDC support)', async () => {
+    process.env.NODE_AUTH_TOKEN = '';
+    await auth.configAuthentication('https://registry.npmjs.org/');
+    expect(fs.statSync(rcFile)).toBeDefined();
+    expect(process.env.NODE_AUTH_TOKEN).toEqual('');
+  });
+
   it('configAuthentication should overwrite non-scoped with non-scoped', async () => {
     fs.writeFileSync(rcFile, 'registry=NNN');
     await auth.configAuthentication('https://registry.npmjs.org/');