release actions and workflows

[CagtayFabry]

to streamline the creation of releases and publishing (e.g. to pypi) we could look into some GH actions that are out there:

• https://github.com/marketplace/actions/pypi-publish
• https://github.com/spacetelescope/action-publish_to_pypi (we can't use this but maybe look into it)
• https://github.com/spacetelescope/crds/blob/master/.github/workflows/release.yml
  I like the idea of having a "release workflow", maybe we could create/configure an action that (when triggered) creates the release PR (similiar to the conda-forge bot) automatically using a script or similar to fill in dates etc. in places that we need them

[marscher]

Honestly I think it is dangerous the encode secrets for PyPI access in the cloud (owned and controlled by Microsoft). There are too many reports where patterns like this have been abused and we do have a responsibility to protect the users of our software.
It ain't too much effort to create a source archive locally from a git tag and just push it to PyPI (5 min of work). But I do feel the appeal of just pushing a button and everything is done automatically.

[CagtayFabry]

we can revoke the token on PyPI in case there is a problem too