[BUG] Publish allows adding invalid dist-tag

[h10s]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

Publish doesn't check the value of the --tag option. I can provide an invalid tag name and publish will proceed.

Expected Behavior

If the dist-tag is specified, publish checks it early on, prior to 2FA and sending a request to the registry.

Steps To Reproduce

1. Change to a directory with a test package
2. Change the package version, possibly using npm version patch
3. Run npm publish --access=public --tag=@invalid

Environment

• npm: 10.5.0
• Node.js: v20.11.1
• OS Name: macOS 13.6.4
• System Model Name: MacBook Air
• npm config:

; "user" config from /Users/hashtagchris/.npmrc

@npm:registry = "https://npm.pkg.github.com" 
//npm.pkg.github.com/:_authToken = (protected) 
//registry.npmjs.org/:_authToken = (protected) 
logs-max = 1000 

; node bin location = /Users/hashtagchris/.nvm/versions/node/v20.11.1/bin/node
; node version = v20.11.1
; npm local prefix = /private/tmp/unpub2
; npm version = 10.5.0
; cwd = /private/tmp/unpub2
; HOME = /Users/hashtagchris
; Run `npm config ls -l` to show all defaults.

[hashtagchris]

Earlier PR that prevents invalid dist-tags for the npm dist-tag add command, but not npm publish: #7195