Automate Build, Review, and Publish to PyPI #15

Closed
GhazanfarTaqi wants to merge 1 commit into MUBENDIRAN:main from GhazanfarTaqi:automate-publish-to-pypi

@GhazanfarTaqi
Contributor

📝 Description

Implement a fully automated, controlled CI/CD pipeline for building, validating, and publishing to PyPI.

This PR introduces:

  • Continuous Integration (CI) workflow that tests on Python 3.8-3.12 and validates package integrity
  • Gated release workflow that publishes to PyPI only on approved releases using Trusted Publishing (OIDC)
  • Release tag vs. package version consistency check to prevent mismatched releases
  • Updated contributor and maintainer documentation

🎯 Type of Change

  • New feature (release automation infrastructure)
  • Documentation update

✅ Checklist

  • Workflows tested and validated
  • Documentation updated (README, CONTRIBUTING)
  • No secrets or credentials in workflows
  • YAML syntax valid
  • Follows project conventions

🧪 Testing

  • Test the pipeline in this repo before merging, as I have no way of testing it myself
  • The following should be tested:
      • CI workflow validates on every push and PR
      • Package validation included (sdist + wheel content checks)
      • twine metadata validation included
      • Test matrix covers Python 3.8-3.12

📚 Documentation

  • README.md updated with release automation section
  • CONTRIBUTING.md updated with CI validation and release process sections
  • One-time setup instructions for maintainers included

🚀 What This Enables

  1. Automated testing before every release
  2. Package integrity validation (metadata + contents)
  3. Gated approval before PyPI publication
  4. Secure credentials via OIDC Trusted Publishing (no stored tokens)
  5. Version consistency check (tag must match package version)

📋 One-time Maintainer Setup Required

Before the first release, maintainers must:

  1. Configure this repo as a Trusted Publisher in PyPI settings
  2. Create a pypi environment in GitHub with the required reviewers
  3. Publish a GitHub Release to trigger automated PyPI deployment
  • If you have any query or problem related to this, contact me
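
The release tag vs. package version consistency check listed in the description, sketched as an added example; it is not the PR's own code, since the workflow files are not shown on this page. The function names, the sample `pyproject.toml` and the simplified PEP 440 normalisation are assumptions.

```python
import re

_PRE = {"alpha": "a", "beta": "b", "c": "rc", "pre": "rc", "preview": "rc"}
# Subset of PEP 440: release, pre, post and dev segments (no epoch or local part).
_VERSION = re.compile(
    r"v?(?P<rel>\d+(?:\.\d+)*)"
    r"(?:[-_.]?(?P<pl>alpha|beta|preview|pre|rc|a|b|c)[-_.]?(?P<pn>\d*))?"
    r"(?:[-_.]?(?P<post>post|rev|r)[-_.]?(?P<postn>\d*))?"
    r"(?:[-_.]?(?P<dev>dev)[-_.]?(?P<devn>\d*))?"
)

def canonical(version):
    """Normalise a version or tag so equivalent spellings compare equal."""
    m = _VERSION.fullmatch(version.strip().lower())
    if m is None:
        raise ValueError(f"not a recognised version: {version!r}")
    release = [int(part) for part in m["rel"].split(".")]
    while len(release) > 1 and release[-1] == 0:  # 1.4.0 and 1.4 are equal
        release.pop()
    pre = (_PRE.get(m["pl"], m["pl"]), int(m["pn"] or 0)) if m["pl"] else None
    post = int(m["postn"] or 0) if m["post"] else None
    dev = int(m["devn"] or 0) if m["dev"] else None
    return (tuple(release), pre, post, dev)

def project_version(pyproject_text):
    """Return the static [project] version; fail closed when there is none."""
    table = re.search(r"(?ms)^\[project\]\s*$(.*?)(?=^\[|\Z)", pyproject_text)
    found = table and re.search(r'(?m)^version\s*=\s*["\']([^"\']+)["\']', table.group(1))
    if not found:
        raise ValueError("no static [project] version found")
    return found.group(1)

def release_matches(git_ref, pyproject_text):
    """True only when the release tag names the version that will be built."""
    tag = re.sub(r"^refs/tags/", "", git_ref)
    return canonical(tag) == canonical(project_version(pyproject_text))

# Constructed sample input, not taken from the repository in this PR.
SAMPLE_PYPROJECT = """\
[project]
name = "example-pkg"
version = "1.4.0"

[project.urls]
Homepage = "https://example.invalid"
"""

if __name__ == "__main__":
    for ref in ("refs/tags/v1.4.0", "refs/tags/v1.4", "refs/tags/v1.4.1"):
        print(ref, "->", "ok" if release_matches(ref, SAMPLE_PYPROJECT) else "MISMATCH")
```

In a release job the ref would come from the `GITHUB_REF` environment variable, and a `False` result or a `ValueError` should fail the job before the publish step runs.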

@GhazanfarTaqi
Contributor Author

I will reopen the pull request after further testing
