[🔥AUDIT🔥] Add missing package.json keys that are needed for OIDC

[jeremywiebe]

🖍 This is an audit! 🖍

Summary:

Trusted Publishing (OIDC) requires a repository key in the package.json with a url defined.

This PR adds the required fields and hopefully fixes the last publish issue.

Error:

🦋  info npm info @khanacademy/graphql-flow
🦋  info @khanacademy/graphql-flow is being published because our local version (3.4.2) has not been published on npm
🦋  info Publishing "@khanacademy/graphql-flow" at "3.4.2"
🦋  error an error occurred while publishing @khanacademy/graphql-flow: E422 422 Unprocessable Entity - PUT https://registry.npmjs.org/@khanacademy%2fgraphql-flow - Error verifying sigstore provenance bundle: Failed to validate repository information: package.json: "repository.url" is "", expected to match "https://github.com/Khan/graphql-flow" from provenance
🦋  error npm notice SECURITY NOTICE: Breaking changes starting October 13, 2025. New tokens will be limited to a maximum lifetime of 90 days, and TOTP setup will be disabled. Classic tokens will be revoked in November. Update your CI/CD workflows to avoid disruption. Learn more: https://gh.io/npm-token-changes
🦋  error npm notice Publishing to https://registry.npmjs.org with tag latest and public access
🦋  error npm notice publish Signed provenance statement with source and build information from GitHub Actions
🦋  error npm notice publish Provenance statement published to transparency log: https://search.sigstore.dev/?logIndex=653196413
🦋  error npm error code E422
🦋  error npm error 422 Unprocessable Entity - PUT https://registry.npmjs.org/@khanacademy%2fgraphql-flow - Error verifying sigstore provenance bundle: Failed to validate repository information: package.json: "repository.url" is "", expected to match "https://github.com/Khan/graphql-flow" from provenance
🦋  error npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-10-29T22_19_58_512Z-debug-0.log
🦋  error
🦋  error packages failed to publish:
🦋  @khanacademy/graphql-flow@3.4.2

Issue: "none"

Test plan:

Hrm

[changeset-bot]

⚠️ No Changeset found

Latest commit: 93561fc

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[jaredly]

👍️