Preparing for NPM trusted publishing plus node version housekeeping

[smallsaucepan]

NPM is recommending avoiding using NPM tokens for publishing, instead favouring trusted publishers (e.g. a particular github workflow). This change:

• updates node versions (housekeeping)
• adds the required configuration item to release workflow act as a trusted publisher in future
• renames turf.yml to ci.yml to be more specific about what that workflow does

[mfedderly]

Were you able to configure a trusted publisher on npmjs? Otherwise I can dig into doing that.

[mfedderly]

I've seen other packages consider dropping support for old versions of nodejs as a breaking change.
We aren't technically breaking support here, just not testing it which would make it more likely for a breaking change to sneak in.

I'm happy to either merge this as a non-major change, or push it off for later if you'd prefer.