255faf9 Issue 50052 - Add package-lock.json and use "npm ci"

Authored and Committed by spichugi 4 years ago
    Issue 50052 - Add package-lock.json and use "npm ci"
    
    Bug description: All software changes incur some risk,
    and it's critical to be able to manage this risk.
    We can use a common way of dealing with it - npm-shrinkwrap.
    
    Fix description: The suggested approach - npm-shrinkwrap - is an "overkill"
    for our case. We don't need to publish the package on NPM.
    It will be sufficient enough to use existing NPM functionality added in 5.7 version.
    
    Replace `npm install` with `npm ci` which uses package-lock.json
    and throws an error if any inconsistencies with package.json are found.
    Add package-lock.json to the repo.
    When we change the package.json content, a new package-lock.json should be
    generated (using `npm install`) and the change should be committed.
    
    Fix audit issues and update package.json. Add repository field.
    
    Add audit-ci tool. While creating a tarball, we now check that
    there are no vulnerabilities higher than "moderate".
    If it's impossible to fix an issue on our side right now and it is safe
    to proceed, the vulnerable package can be added to the whitelist temporarily.
    
    https://pagure.io/389-ds-base/issue/50052
    
    Reviewed by: mhonek, vashirov (Thanks!)
    
    Add audit-ci tool, fix audit issues, add "repository" field
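
The audit gate described in the commit message above, a severity threshold plus a temporary whitelist, can be expressed as a small check over `npm audit --json` output. This is an added example, not code from the 389-ds-base repository or from audit-ci. It assumes the npm 6 report layout (an `advisories` object), uses constructed sample advisories with made-up module names, and the names `gateAudit` and `exitCodeFor` are hypothetical; treating "moderate" itself as blocking and whitelisting by module name are also assumptions.

```javascript
// Added example: severity gate over an npm 6 style `npm audit --json` report.
const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// Constructed sample report; ids and module names are made up for illustration.
const sampleReport = {
  advisories: {
    "1001": { id: 1001, module_name: "example-parser", severity: "high" },
    "1002": { id: 1002, module_name: "example-logger", severity: "low" },
    "1003": { id: 1003, module_name: "example-template", severity: "moderate" },
    "1004": { id: 1004, module_name: "example-legacy", severity: "critical" },
  },
};

// Splits advisories at or above `threshold` into blocking and waived (whitelisted).
function gateAudit(report, threshold, whitelist = []) {
  const min = SEVERITY_ORDER.indexOf(threshold);
  if (min === -1) throw new Error(`unknown severity threshold: ${threshold}`);
  const allowed = new Set(whitelist);
  const blocking = [];
  const waived = [];
  for (const adv of Object.values(report.advisories || {})) {
    const rank = SEVERITY_ORDER.indexOf(adv.severity);
    // Below-threshold findings are ignored; an unrecognised severity string
    // (rank -1) is kept as a finding so it cannot slip through the gate.
    if (rank !== -1 && rank < min) continue;
    (allowed.has(adv.module_name) ? waived : blocking).push(adv);
  }
  const byId = (a, b) => a.id - b.id;
  return {
    ok: blocking.length === 0,
    blocking: blocking.sort(byId),
    waived: waived.sort(byId),
  };
}

// Exit status a tarball build step would use: non-zero stops the build.
function exitCodeFor(result) {
  return result.ok ? 0 : 1;
}

// Demo run: one package is whitelisted, two findings still block the build.
const result = gateAudit(sampleReport, "moderate", ["example-legacy"]);
for (const a of result.blocking) console.log(`BLOCK  ${a.severity} ${a.module_name} (advisory ${a.id})`);
for (const a of result.waived) console.log(`WAIVED ${a.severity} ${a.module_name} (advisory ${a.id})`);
console.log(`build step exit code: ${exitCodeFor(result)}`);
```

Reporting waived entries on every run keeps a temporary whitelist visible, so it can be removed once the dependency is fixed.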