Abort release workflow, when new package does not yet exist on npmjs.com #6581

@oliverschuerch

Description

User Story
As a developer of the design system, I'd expect the release workflow to fail if there is a new package which should be released through trusted publishing but does not yet exist in the npm registry.

Explanation
In our automated GitHub release workflow, we switched to trusted publishing, which means that instead of using an NPM_TOKEN as a secret, we configured each and every one of our packages on npmjs.org to accept new package versions coming from our GitHub repo release workflow, which uses an OIDC (OpenID Connect) object to verify its identity.
However, since trusted publishing can only be configured on existing npmjs.org packages (at the moment), we need to ensure our release workflow fails whenever we're about to release a new package which does not exist on npmjs.org.

Suggestion

  1. Add another step after the dry-run check in our release.yaml.
  2. Generate the changesets.json file (pnpm changeset status --output=changesets.json) and read out the releases array to detect which packages should be released. Don't forget to clean up afterwards.
  3. Check if the packages exist in the official registry (https://registry.npmjs.org).
    If it exists, everything is fine. If not, the workflow should fail.
    Maybe pnpm view <pkg-name> can be used to do this check.
  4. If it fails, we could maybe add an annotation to explain what we need to do to create the package manually and configure it for trusted publishing.

Acceptance Criteria

  • The release workflow must fail if we're about to release a new package that does not yet exist on npmjs.org.
