docs: remove legacy token usage instructions and emphasize read-only token creation

Author: jpg619

content/integrations/integrating-npm-with-external-services/using-private-packages-in-a-ci-cd-workflow.mdx

@@ -25,14 +25,6 @@ Create a new access token that will be used only to access npm packages from a C
 
 When generating an access token for use in a continuous integration environment, we recommend using a granular access token with limited access to provide greater security.
 
-If you use a legacy token instead, by default, `npm token create` will generate a token with both read and write permissions. We recommend creating a read-only token:
-
-```
-npm token create --read-only
-```
-
-For more information on creating access tokens, including CIDR-whitelisted tokens, see "[Creating an access token][create-token]".
-
 ### Continuous deployment
 
 For publishing packages in continuous deployment environments, we strongly recommend using [trusted publishing](/trusted-publishers) when available, as it provides enhanced security without requiring token management.