Add npm package distribution for sql-pipe

[vmvarela]

Description

Publish sql-pipe to the npm registry so that Node.js/JavaScript developers can install it using the standard npm toolchain, without needing to compile from source or use a platform-specific binary release.

Motivation

npm is the most widely-used package manager in the JavaScript ecosystem. Many developers already have it installed and prefer to use it for CLI tools. Supporting npm install -g @vmvarela/sql-pipe would significantly lower the barrier to adoption.

Design Decisions

• Package name: @vmvarela/sql-pipe (scoped under the existing npmjs.com account)
• Distribution strategy: Single bundled package — all platform binaries are included in the package itself. No optionalDependencies sub-packages, no postinstall download. A small JS launcher (bin/sql-pipe.js) detects the current platform/arch at runtime and executes the correct binary.
• Authentication: Trusted Publishing (OIDC) — no long-lived NPM_TOKEN secret in the repo. The CI job uses permissions: id-token: write and publishes with --provenance.
• First publish: The package name must be claimed manually once (npm publish --access public from a local machine with npm login) before Trusted Publishing can be configured on npmjs.com. Subsequent releases are fully automated via CI.
• Version sync: The package.json in the repo uses "0.0.0" as a placeholder. The CI injects the real version from the git tag at publish time: npm version $VERSION --no-git-tag-version.

Acceptance Criteria

• packaging/npm/package.json created with correct metadata (@vmvarela/sql-pipe, description, bin entry, license, repository, engines)
• packaging/npm/bin/sql-pipe.js launcher detects platform/arch and executes the bundled binary; exits with a clear error on unsupported platforms
• Pre-built binaries for all supported platforms are staged and bundled by CI at publish time:
  • Linux: x64, arm64, arm (armv7)
  • macOS: x64, arm64
  • Windows: x64
• npm install -g @vmvarela/sql-pipe installs a working sql-pipe CLI on all supported platforms
• CI publish-npm job added to release.yml, runs after release, uses Trusted Publishing (OIDC), no NPM_TOKEN secret required
• Job is a no-op if Trusted Publishing is not configured (graceful skip, consistent with other optional publish jobs)
• npm package version matches the git tag version (e.g. tag v0.3.1 → package 0.3.1)
• Installation instructions via npm added to README.md

Implementation Notes

New files

• packaging/npm/package.json — placeholder version 0.0.0, overridden by CI
• packaging/npm/bin/sql-pipe.js — platform-detecting JS launcher (committed)
• packaging/npm/.npmignore — ensures only intended files are published

Modified files

• .github/workflows/release.yml — new publish-npm job with permissions: id-token: write
• README.md — npm install section

Binary staging in CI

Build artifact	Staged as
sql-pipe-x86_64-linux	bin/sql-pipe-linux-x64
sql-pipe-aarch64-linux	bin/sql-pipe-linux-arm64
sql-pipe-armv7-linux	bin/sql-pipe-linux-arm
sql-pipe-x86_64-macos	bin/sql-pipe-darwin-x64
sql-pipe-aarch64-macos	bin/sql-pipe-darwin-arm64
sql-pipe-x86_64-windows.exe	bin/sql-pipe-win32-x64.exe

First-publish bootstrap procedure

1. Run npm login locally with the vmvarela npm account
2. Run npm publish packaging/npm --access public to claim the package name (version 0.0.0)
3. On npmjs.com → package settings → Trusted Publishers → add GitHub repo vmvarela/sql-pipe, workflow release.yml
4. From this point on, all releases are published automatically via CI with OIDC — no manual steps needed