Clarify OIDC requirements in advanced usage documentation

docs/advanced-usage.md

@@ -495,7 +495,7 @@ You must also configure a **Trusted Publisher** in npm for your package/scope th
 ```yaml
     permissions:
       contents: read
-      id-token: write
+      id-token: write  # Required for OIDC
 
     steps:
       - uses: actions/checkout@v6
@@ -510,14 +510,6 @@ You must also configure a **Trusted Publisher** in npm for your package/scope th
       - run: npm publish
 ```
 
-### Important
-
-* `id-token: write` is required for OIDC authentication
-* `contents: read` is required for repository access
-* If a Trusted Publisher is configured with a GitHub Actions **environment**, it must also be set on the job (e.g. `environment: release`).
-
-OIDC authentication is handled automatically via GitHub's identity token.
-
 > **Note**: If the Trusted Publisher configuration (GitHub owner/repo/workflow file, and optional environment) does not match the workflow run identity exactly, publishing may fail with **E404 Not Found** even if the package exists on npm.
 
 For more details, see the [npm Trusted Publishers documentation](https://docs.npmjs.com/trusted-publishers) and the [GitHub Actions OpenID Connect (OIDC) overview](https://docs.github.com/en/actions/concepts/security/openid-connect).