add --ignore-scripts to npm build

use `--ignore-scripts` to secure the npm builds from package supply chain attacks via shell access in pre / post scripts. See https://docs.npmjs.com/cli/v7/commands/npm-install#ignore-scripts

.github/workflows/npm_build.yaml

@@ -36,7 +36,7 @@ jobs:
       with:
         node-version: ${{ inputs.node_version }}
         cache: 'npm'
-    - run: npm ci
+    - run: npm ci --ignore-scripts
     - run: npm run ${{ inputs.script }}
 
     - name: Write commit_id.txt