In this game, you are a PyPI package maintainer who must securely exchange identity tokens with a trusted third-party service to publish your package to PyPI. Use your logic skills to carefully configure your GitHub Actions workflow and trust an OpenID Connect Identity Provider to request short-lived, tightly-scoped API tokens from PyPI. Can you publish your package securely and without sharing long-lived passwords or API tokens with external systems?