Add OIDC migration guide and cross-references to PyPI publishing page

[devin-ai-integration]

Summary

The PyPI publishing page had OIDC setup docs but was missing a migration guide for users switching from token-based auth — unlike the npm publishing page which has a comprehensive one. This PR adds parity.

Changes to publishing-to-pypi.mdx:

• <Warning> banner at page top linking to the new migration section (matches npm page pattern)
• <llms-only> block with prerequisites and default-to-OIDC guidance for AI agents
• New "Migrating from token-based to OIDC publishing" section with:
  • Why migrate (security rationale)
  • Path 1: Generator upgrade — update token: OIDC in generators.yml, regenerate SDK (requires generator ≥ 4.38.1)
  • Path 2: Manual CI workflow update — add build job with upload-artifact, replace publish job with pypa/gh-action-pypi-publish@release/v1 + OIDC permissions
  • Verification steps and troubleshooting accordions

Changes to generators-yml-reference.mdx:

• PyPI token param description now mentions OIDC as an option with a link to the publishing page
• Example YAML updated from "${PYPI_TOKEN}" to OIDC with a comment showing the token-based alternative

Link to Devin session: https://app.devin.ai/sessions/34f216430ae449e19df3384c13988c2f
Requested by: @Swimburger

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring

[github-actions]

🌿 Preview your docs: https://fern-preview-devin-1782180113-pypi-oidc-migration-docs.docs.buildwithfern.com/learn

Here are the markdown pages you've updated:

• learn/sdks/generators/python/publishing
• learn/sdks/reference/generators-yml